Gentoo Archives: gentoo-user

From: Adam Carter <adamcarter3@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Spectre and Meltdown summary
Date: Thu, 04 Jan 2018 11:50:08
1 No guarantees on accuracy...
3 Meltdown CVE-2017-5754 (Variant3) - userspace reads kernel memory. Intel
4 vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel
5 4.14.11, Security Options -> Remove the kernel mapping in user mode
6 (CONFIG_PAGE_TABLE_ISOLATION), on by default for all archs in this version,
7 disabled by default for AMD CPUs in git 4.15). KPTI incurs a performance
8 hit.
10 Spectre CVE-2017-5753 (Variant1) and CVE-2017-5715 (Variant2) -
11 applications read other applications memory. Intel, AMD, ARM all
12 vulnerable.
13 Re Variant1, AMD says "Resolved by software / OS updates to be made
14 available by system vendors and manufacturers. Negligible performance
15 impact expected."
16 Re Variant2, AMD says "Differences in AMD architecture mean there is a near
17 zero risk of exploitation of this variant. Vulnerability to Variant 2 has
18 not been demonstrated on AMD processors to date."
20 Ref:


Subject Author
[gentoo-user] Re: Spectre and Meltdown summary Adam Carter <adamcarter3@×××××.com>