[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang

To: oss-security@xxxxxxxxxxxxxxxxxx
From: Matthew Daley <mattd@xxxxxxxxxxx>
Date: Tue, 3 Dec 2013 11:43:19 +1300
Cc: "Xen.org security team" <security@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Mon, 02 Dec 2013 22:43:38 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, Dec 3, 2013 at 7:16 AM, Kurt Seifried <kseifried@xxxxxxxxxx> wrote:
> On 12/02/2013 10:22 AM, Ian Jackson wrote:
>> * Should the Xen Project security te4am have treated this issue
>> with an embargo at all, given that the flaw itself was public ?
>
> I would say this depends on the level of public disclosure. For
> example from "upstream" (AMD) there was a very limited disclosure (no
> public announcement I'm aware of) and just some notes in a single PDF.
> However this was also made public via the person who found it and then
> picked up by ZDnet in an article, so I would personally count that as
> quite public.

Can you post a link to this ZDnet article? I don't think it can be the
one linked in the CVE description itself, because that talks about a
different, earlier bug IIUC; I privately asked Matt Dillon, who
discovered Errata 721, and he agreed that this CVE talks about a
different (but maybe related) Errata, #793.

- Matthew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
  - From: Andrew Cooper

References:
- [Xen-devel] Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
  - From: Xen . org security team
- Re: [Xen-devel] Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
  - From: Ian Jackson
- Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
  - From: Kurt Seifried

Prev by Date: Re: [Xen-devel] [PATCH net v4] xen-netback: fix fragment detection in checksum setup
Next by Date: [Xen-devel] [PATCH 36/39] xen: pciback: remove DEFINE_PCI_DEVICE_TABLE macro
Previous by thread: Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
Next by thread: Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.