BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD Errata: August 24th, 2018 (vmml1tf)

23 August, 2018 by tj@openbsd.org | openbsd 

Errata patches for the kernel have been released for OpenBSD 6.3 and 6.2.

The Intel L1TF bug allows a vmm guest to read host memory.

Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata pages:

  https://www.openbsd.org/errata62.html
  https://www.openbsd.org/errata63.html

Run the fw_update command to get updated CPU microcode before rebooting.
If your machine has SMT ("hyper-threading") capability, it must be disabled
in the BIOS.

The CPU microcode update is not available for OpenBSD 6.2, so a BIOS update
is required to receive the accelerated L1 cache solution there.