CVE-2018-8897

To: security-announce%netbsd.org@localhost
Subject: CVE-2018-8897
From: Maxime Villard <maxv%netbsd.org@localhost>
Date: Thu, 17 May 2018 08:24:58 +0200

Hi,
A quick note to inform you that NetBSD is not affected by CVE-2018-8897.

Microsoft shared the vulnerability details with us a month in advance.

NetBSD-7, and all the previous releases, didn't have support for debug
registers. So they have never been affected.

Support for debug registers was introduced in NetBSD-current and NetBSD-8.
Upon getting the vulnerability details, we disabled this support by
default with a privileged sysctl.

NetBSD-8 will be released with debug registers disabled by default,
therefore it won't be affected by CVE-2018-8897.

A real fix for the issue has been committed in NetBSD-current.

We would like to thank Microsoft for sharing the vulnerability details
with us.

Maxime

Prev by Date: NetBSD Security Advisory 2018-007: Several vulnerabilities in IPsec
Next by Date: NetBSD Security Advisory 2018-008: Several vulnerabilities in NPF
Previous by Thread: NetBSD Security Advisory 2018-007: Several vulnerabilities in IPsec
Next by Thread: NetBSD Security Advisory 2018-008: Several vulnerabilities in NPF
Indexes:

Home | Main Index | Thread Index | Old Index