[CentOS-virt] CentOS-virt - Kernel Side-Channel Attacks

Thu Jan 4 19:12:52 UTC 2018
Sarah Newman <srn at prgmr.com>

On 01/04/2018 10:49 AM, Akemi Yagi wrote:
> On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote:
> 
>> Please patch the CentOS-virt Kernel to fix the
>> Kernel Side-Channel Attacks vulnerabilities.
>>
>> The latest CentOS-virt kernel was released in November, as seen below.
>>
>> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30
>>
>> https://access.redhat.com/security/vulnerabilities/speculativeexecution
>> http://mirror.centos.org/centos/7/virt/x86_64/xen/
>>
> 
> As far as I can see, the patches for KAISER (Kernel Address
> Isolation to have Side-channels Efficiently Removed) will appear in
> kernel 4.9.75. Looks like it will be released soon upstream (kernel.org).
> 

To the best of my knowledge, KAISER doesn't matter for Xen Dom0s given they run in PV mode, and KAISER isn't enabled for PV guests.