[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
A quick note to inform you that NetBSD is not affected by CVE-2018-8897.
Microsoft shared the vulnerability details with us a month in advance.
NetBSD-7, and all the previous releases, didn't have support for debug
registers. So they have never been affected.
Support for debug registers was introduced in NetBSD-current and NetBSD-8.
Upon getting the vulnerability details, we disabled this support by
default with a privileged sysctl.
NetBSD-8 will be released with debug registers disabled by default,
therefore it won't be affected by CVE-2018-8897.
A real fix for the issue has been committed in NetBSD-current.
We would like to thank Microsoft for sharing the vulnerability details
Main Index |
Thread Index |