On 01/04/2018 10:49 AM, Akemi Yagi wrote:
On Thu, Jan 4, 2018 at 9:51 AM, rikske@deds.nl wrote:
Please patch the CentOS-virt Kernel to fix the Kernel Side-Channel Attacks vulnerabilities.
The latest CentOS-virt kernel was released in November, as seen below.
kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30
https://access.redhat.com/security/vulnerabilities/speculativeexecution http://mirror.centos.org/centos/7/virt/x86_64/xen/
As far as I can see, the patches for KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) will appear in kernel 4.9.75. Looks like it will be released soon upstream (kernel.org).
To my best knowledge KAISER doesn't matter for Xen Dom0's given they run in PV mode, and KAISER isn't enabled for PV guests.