Gentoo Archives: gentoo-user

From: Adam Carter <adamcarter3@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Spectre and Meltdown summary
Date: Thu, 04 Jan 2018 11:50:08
Message-Id: CAC=wYCHm1ufiDLpFi57u6pZXA06Q5X-nAG88sDyuzuhpzbgf+g@mail.gmail.com
No guarantees on accuracy...

Meltdown CVE-2017-5754 (Variant3) - userspace reads kernel memory. Intel
vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel
4.14.11, Security Options -> Remove the kernel mapping in user mode
(CONFIG_PAGE_TABLE_ISOLATION), on by default for all archs in this version,
disabled by default for AMD CPUs in git 4.15). KPTI incurs a performance
hit.

Spectre CVE-2017-5753 (Variant1) and CVE-2017-5715 (Variant2) -
applications read other applications memory. Intel, AMD, ARM all
vulnerable.
Re Variant1, AMD says "Resolved by software / OS updates to be made
available by system vendors and manufacturers. Negligible performance
impact expected."
Re Variant2, AMD says "Differences in AMD architecture mean there is a near
zero risk of exploitation of this variant. Vulnerability to Variant 2 has
not been demonstrated on AMD processors to date."

Ref:
http://www.amd.com/en/corporate/speculative-execution
https://meltdownattack.com/
http://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-information.html

Replies

Subject Author
[gentoo-user] Re: Spectre and Meltdown summary Adam Carter <adamcarter3@×××××.com>