No guarantees on accuracy...

Meltdown CVE-2017-5754 (Variant 3) - userspace reads kernel memory. Intel
vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel
4.14.11, Security Options -> Remove the kernel mapping in user mode
(CONFIG_PAGE_TABLE_ISOLATION), on by default for all archs in this version,
disabled by default for AMD CPUs in git 4.15). KPTI incurs a performance
hit.

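One way to check the KPTI settings described above on a given machine (an added example, not part of the original note): the script classifies a kernel from its build config, boot command line and /proc/cpuinfo. The function name kpti_status, its output labels and the /boot/config-* path are assumptions of this example; nopti, pti=off and pti=on are the kernel's boot parameters for KPTI.

```shell
#!/bin/sh
# Added example (not from the original note): classify KPTI state from
# a kernel build config, the boot command line and /proc/cpuinfo.

# kpti_status CONFIG CMDLINE CPUINFO
# Prints: not-built | off-cmdline | on-forced | amd-default | on-default
kpti_status() {
    config=$1; cmdline=$2; cpuinfo=$3

    # The option named in the note must be compiled in.
    grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y$' "$config" ||
        { echo not-built; return 0; }

    # Boot parameters nopti / pti=off disable KPTI, pti=on forces it.
    # Conservative simplification: any disable token is reported as off.
    forced=no
    for arg in $(cat "$cmdline"); do
        case $arg in
            nopti|pti=off) echo off-cmdline; return 0 ;;
            pti=on) forced=yes ;;
        esac
    done
    [ "$forced" = yes ] && { echo on-forced; return 0; }

    # Without an override the default depends on vendor and kernel:
    # per the note, 4.14.11 enables KPTI everywhere, 4.15 git skips AMD.
    if grep -q '^vendor_id[[:space:]]*:[[:space:]]*AuthenticAMD' "$cpuinfo"; then
        echo amd-default
    else
        echo on-default
    fi
}

# Run against the live system when the usual files are readable
# (the /boot/config-* path is a distribution convention, assumed here).
if [ -r "/boot/config-$(uname -r)" ] && [ -r /proc/cmdline ]; then
    kpti_status "/boot/config-$(uname -r)" /proc/cmdline /proc/cpuinfo
fi
```

A result of amd-default means the outcome depends on which of the two kernel defaults described in the note applies to the running version.
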
Spectre CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2) -
applications read other applications' memory. Intel, AMD, ARM all
vulnerable.
Re Variant 1, AMD says "Resolved by software / OS updates to be made
available by system vendors and manufacturers. Negligible performance
impact expected."
Re Variant 2, AMD says "Differences in AMD architecture mean there is a near
zero risk of exploitation of this variant. Vulnerability to Variant 2 has
not been demonstrated on AMD processors to date."

Ref:
http://www.amd.com/en/corporate/speculative-execution
https://meltdownattack.com/
http://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-information.html