On Tue, 26 Jun 2018, Mike Ely wrote:
It's been a while since that was released (at least for Centos7) and I'm wondering if there's a plan to release this for SL6 as well.
Basically, for RHEL/CentOS/SL 7 there is a simple fix, but for RHEL/CentOS/SL 6, Red hat will have to back-port some functionality.
https://access.redhat.com/solutions/3485131 says: RHEL-7 Mitigation RHEL-7 defaults to (safe) "eager" floating point register restore on Sandy Bridge and newer Intel processors, so is not affected. AMD processors are not affected. You can mitigate this issue on older processors by booting the kernel with the eagerfpu=on parameter to enable eager FPU restore mode. In this mode FPU state is saved and restored for every task/context switch regardless of whether the current process invokes FPU instructions or not. The parameter does not affect performance negatively, and can be applied without adverse effects to processors that are not affected. RHEL 6 and earlier are impacted by this CVE and do not provide the eagerfpu parameter. Red Hat will be releasing updates which will change the behavior. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-3665 currently depends upon six other open bugs, but I don't have access to see whether they cover RHEL6. -- Andrew C. Aitchison Cambridge, UK [email protected]
