On 5 January 2018 at 23:02, shirish शिरीष <shirisha...@gmail.com> wrote: > Dear all, > > While I don't want to be the paranoid one here, the situation here > seems to demand it. > > 3 Days back the Register broke the story of a chip vulnerability - > > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > While it seeked to paint only Intel, it is now learnt that the issue > is across the board, i.e. Intel, AMD, ARM all have the same > vulnerability
From my very superficial reading (I hope to get some time to read this weekend), the bad news here is that it's not just one vulnerability, it is a whole class of vulnerabilities exposed by speculative execution in most modern microprocessors. There are a couple of words thrown around, viz. meltdown and spectre. Meltdown is fixed with the kernel patches but Spectre still remains largely unfixed since it is a whole bunch of vulnerabilities related to branch target prediction and speculative execution. I believe there's a linker patch floating around that tries to fix one of them. I don't know what the microcode fixes do, although I suspect they probably add a barrier to block speculative execution across privilege boundaries so that they're at least as secure as AMD. Meltdown is strictly x86-specific while Spectre is what affects all modern out-of-order execution based microprocessors. We'll probably see many many papers and exploits in the coming months because this is basically a new research area that's opened up. Siddhesh -- http://siddhesh.in _______________________________________________ plug-mail mailing list plug-mail@plug.org.in http://list.plug.org.in/listinfo/plug-mail