Gentoo Archives: gentoo-user

From: Adam Carter <adamcarter3@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Spectre and Meltdown summary
Date: Thu, 04 Jan 2018 11:50:08

No guarantees on accuracy...

Meltdown CVE-2017-5754 (Variant3) - userspace reads kernel memory. Intel
vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel
4.14.11, Security Options -> Remove the kernel mapping in user mode
(CONFIG_PAGE_TABLE_ISOLATION), on by default for all archs in this version,
disabled by default for AMD CPUs in git 4.15). KPTI incurs a performance

Spectre CVE-2017-5753 (Variant1) and CVE-2017-5715 (Variant2) -
applications read other applications' memory. Intel, AMD, ARM all
Re Variant1, AMD says "Resolved by software / OS updates to be made
available by system vendors and manufacturers. Negligible performance
impact expected."
Re Variant2, AMD says "Differences in AMD architecture mean there is a near
zero risk of exploitation of this variant. Vulnerability to Variant 2 has
not been demonstrated on AMD processors to date."
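
An added example, not part of the original message: a shell function that classifies the KPTI state implied by a kernel .config and a boot command line. It assumes the kernel's `nopti`, `pti=off` and `pti=on` boot parameters; the function name, state labels and sample inputs are constructed for illustration, and any disabling token is reported conservatively regardless of ordering.

```shell
#!/bin/sh
# kpti_state CONFIG_FILE "CMDLINE"
# Prints one of: not-built | off-by-cmdline | forced-on | auto
# (hypothetical helper; the state names are this example's own labels)
kpti_state() {
    config_file=$1
    cmdline=$2

    # KPTI needs CONFIG_PAGE_TABLE_ISOLATION=y; a "# ... is not set" line
    # or a missing entry means the mitigation is not compiled in.
    if ! grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y$' "$config_file"; then
        echo "not-built"
        return 0
    fi

    # Scan the boot parameters. Simplification: any disabling token is
    # reported, so a reviewer sees it even if another parameter overrides it.
    state="auto"
    for param in $cmdline; do
        case $param in
            nopti|pti=off) echo "off-by-cmdline"; return 0 ;;
            pti=on)        state="forced-on" ;;
        esac
    done

    # "auto" leaves the decision to the kernel's per-CPU default, which the
    # message above says differs for AMD CPUs between 4.14.11 and git 4.15.
    echo "$state"
}

# Constructed sample inputs (not taken from a real machine).
sample_cfg=$(mktemp)
printf '%s\n' 'CONFIG_X86_64=y' 'CONFIG_PAGE_TABLE_ISOLATION=y' > "$sample_cfg"
sample_nocfg=$(mktemp)
printf '%s\n' 'CONFIG_X86_64=y' '# CONFIG_PAGE_TABLE_ISOLATION is not set' > "$sample_nocfg"

echo "default boot:      $(kpti_state "$sample_cfg" 'root=/dev/sda2 ro quiet')"
echo "nopti on cmdline:  $(kpti_state "$sample_cfg" 'root=/dev/sda2 ro nopti')"
echo "pti=on on cmdline: $(kpti_state "$sample_cfg" 'root=/dev/sda2 pti=on')"
echo "option not built:  $(kpti_state "$sample_nocfg" 'root=/dev/sda2 pti=on')"
rm -f "$sample_cfg" "$sample_nocfg"
```

On a live system the function can be given the contents of `/proc/cmdline` and an uncompressed copy of `/proc/config.gz`, which is present only when the kernel exposes its configuration.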


