[PLUG] Meltdown, Spectre and Debian
Siddhesh Poyarekar
siddhesh.poyarekar at gmail.com
Fri Jan 5 23:26:27 IST 2018
On 5 January 2018 at 23:02, shirish शिरीष <shirishag75 at gmail.com> wrote:
> Dear all,
>
> While I don't want to be the paranoid one here, the situation here
> seems to demand it.
>
> 3 Days back the Register broke the story of a chip vulnerability -
>
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>
> While it seeked to paint only Intel, it is now learnt that the issue
> is across the board, i.e. Intel, AMD, ARM all have the same
> vulnerability
>From my very superficial reading (I hope to get some time to read this
weekend), the bad news here is that it's not just one vulnerability,
it is a whole class of vulnerabilities exposed by speculative
execution in most modern microprocessors. There are a couple of words
thrown around, viz. meltdown and spectre. Meltdown is fixed with the
kernel patches but Spectre still remains largely unfixed since it is a
whole bunch of vulnerabilities related to branch target prediction and
speculative execution. I believe there's a linker patch floating
around that tries to fix one of them. I don't know what the microcode
fixes do, although I suspect they probably add a barrier to block
speculative execution across privilege boundaries so that they're at
least as secure as AMD.
Meltdown is strictly x86-specific while Spectre is what affects all
modern out-of-order execution based microprocessors.
We'll probably see many many papers and exploits in the coming months
because this is basically a new research area that's opened up.
Siddhesh
--
http://siddhesh.in
More information about the plug-mail
mailing list