On Wed, 2020-11-11 at 13:18 +0000, masashi.kudo@cybertrust.co.jp wrote:
> Hi,
>
> The other day, I inquired about CVE-2019-0145, CVE-2019-0147, and CVE-2019-0148 in the following email.
>
> The kernel team discussed for weeks how to deal with them.
> As a result of these discussions, we concluded to ignore them until Intel fixes issues, because:
> - The descriptions of patches are not clear, and we cannot figure out what is right
> - The patches we identified do not really look like fixing too serious stuff. They all seemed to involve communication with the owner of a PCIe Virtual Function (VF). A VF might be assigned to a VM or privileged process. In Civil Infrastructure systems those should already be trusted and so the issues don't matter that much.
> So far, we had the following AI, but we close this based on the above situation.
>
> 2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - Kernel Team
[...]

Well, I found it quite easy to backport the applicable parts of the fixes. I already sent them along with some other fixes for the 4.14 and 4.9 branches, and could still do so for 4.4.

Ben.

--
Ben Hutchings, Software Developer
Codethink Ltd
https://www.codethink.co.uk/
Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom