| 1 |
No guarantees on accuracy... |
| 2 |
|
| 3 |
Meltdown CVE-2017-5754 (Variant3) - userspace reads kernel memory. Intel |
| 4 |
vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel |
| 5 |
4.14.11, Security Options -> Remove the kernel mapping in user mode |
| 6 |
(CONFIG_PAGE_TABLE_ISOLATION), on by default for all archs in this version, |
| 7 |
disabled by default for AMD CPUs in git 4.15). KPTI incurs a performance |
| 8 |
hit. |
| 9 |
|
| 10 |
Spectre CVE-2017-5753 (Variant1) and CVE-2017-5715 (Variant2) - |
| 11 |
applications read other applications memory. Intel, AMD, ARM all |
| 12 |
vulnerable. |
| 13 |
Re Variant1, AMD says "Resolved by software / OS updates to be made |
| 14 |
available by system vendors and manufacturers. Negligible performance |
| 15 |
impact expected." |
| 16 |
Re Variant2, AMD says "Differences in AMD architecture mean there is a near |
| 17 |
zero risk of exploitation of this variant. Vulnerability to Variant 2 has |
| 18 |
not been demonstrated on AMD processors to date." |
| 19 |
|
| 20 |
Ref: |
| 21 |
http://www.amd.com/en/corporate/speculative-execution |
| 22 |
https://meltdownattack.com/ |
| 23 |
http://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-information.html |
Archives