From: valdis.kletnieks@vt.edu
To: Dave Taht <dave.taht@gmail.com>
Cc: "dpreed@deepplum.com" <dpreed@deepplum.com>,
Jonathan Morton <chromatix99@gmail.com>,
cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?
Date: Thu, 04 Jan 2018 16:51:08 -0500 [thread overview]
Message-ID: <134949.1515102668@turing-police.cc.vt.edu> (raw)
In-Reply-To: <CAA93jw5AeF_0=Ph=wXVZws5B3uiHisvwagAD20jSxRH5T6ms6A@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1942 bytes --]
On Thu, 04 Jan 2018 13:40:28 -0800, Dave Taht said:
> I guess I'm hoping for simple patches to the microcode to arrive next
> week, even simply stuff to disable the branch predictor or speculative
> execution, something simple, slow, and sane.
In my inbox this morning. I have *no* idea why Intel is allegedly shipping a
microcode fix for something believed to not be fixable via microcode. It
may be this is a fix for only this one variant of the attack, and the other
two require kernel hacks.
Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
The microcode_ctl packages provide microcode updates for Intel and AMD processors.
Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly used
performance optimization). There are three primary variants of the issue which
differ in the way the speculative execution can be exploited. Variant
CVE-2017-5715 triggers the speculative execution by utilizing branch target It
relies on the presence of a precisely-defined instruction sequence in the
privileged code as well as the fact that memory accesses may cause allocation
into the microprocessor's data cache even for speculatively executed
instructions that never actually commit (retire). As a result, an unprivileged
attacker could use this flaw to cross the syscall and guest/host boundaries and
read privileged memory by conducting targeted cache side-channel attacks.
(CVE-2017-5715)
Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.
injection.
[-- Attachment #2: Type: application/pgp-signature, Size: 486 bytes --]
next prev parent reply other threads:[~2018-01-04 21:51 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-01 23:08 Dave Taht
[not found] ` <CAJq5cE23bbiPE0a_9zd1VLnO7=c7bjmwwxVwaD2=to3fg5TOjA@mail.gmail.com>
2018-01-01 23:27 ` Jonathan Morton
2018-01-02 19:06 ` Jonathan Morton
2018-01-04 12:09 ` Jonathan Morton
2018-01-04 13:38 ` Dave Taht
2018-01-04 13:48 ` Jonathan Morton
2018-01-04 13:59 ` Dave Taht
2018-01-04 14:49 ` Jonathan Morton
2018-01-04 14:53 ` Dave Taht
2018-01-04 20:28 ` dpreed
2018-01-04 21:20 ` Jonathan Morton
2018-01-04 21:40 ` Dave Taht
2018-01-04 21:51 ` valdis.kletnieks [this message]
2018-01-04 21:44 ` Joel Wirāmu Pauling
2018-01-04 21:47 ` Dave Taht
2018-01-04 21:52 ` Joel Wirāmu Pauling
2018-01-04 21:54 ` Dave Taht
2018-01-04 21:57 ` Joel Wirāmu Pauling
[not found] ` <1515103187.670416570@apps.rackspace.com>
2018-01-04 22:02 ` Joel Wirāmu Pauling
[not found] ` <1515103048.715224709@apps.rackspace.com>
2018-01-04 22:00 ` Joel Wirāmu Pauling
2018-01-04 22:09 ` dpreed
2018-01-04 22:13 ` Joel Wirāmu Pauling
2018-01-04 22:15 ` Dave Taht
2018-01-04 22:26 ` Jonathan Morton
2018-01-04 22:35 ` Joel Wirāmu Pauling
2018-01-04 22:58 ` [Cerowrt-devel] Spectre and EBPF JIT dpreed
2018-01-05 4:53 ` Dave Taht
2018-01-05 14:07 ` Jonathan Morton
2018-01-05 15:35 ` dpreed
2018-01-05 19:18 ` Jonathan Morton
2018-01-05 20:15 ` David Lang
2018-01-04 22:02 [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86? dpreed
2018-01-04 22:02 dpreed
2018-01-04 22:04 ` Dave Taht
2018-01-04 22:12 ` dpreed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=134949.1515102668@turing-police.cc.vt.edu \
--to=valdis.kletnieks@vt.edu \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=chromatix99@gmail.com \
--cc=dave.taht@gmail.com \
--cc=dpreed@deepplum.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox