[Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?
chromatix99 at gmail.com
Thu Jan 4 07:09:30 EST 2018
Okay, it's a little bit more nuanced than I thought. In fact there are *three* different CPU hardware vulnerabilities just disclosed. I've summarised the impact in this Reddit post:
The TL;DR version is:
- Spectre v2 affects most recent Intel CPUs and some recent, high-performance ARM CPU cores, but not AMD to any significant degree. On vulnerable CPUs, it allows a local attacker to exfiltrate data from privileged address space.
- Meltdown is the nasty one which Linux kernel devs have been scrambling to mitigate. So far, it is known to affect only Intel x86 CPUs, due to their unusually aggressive speculative behaviour regarding L1 cache hits. On vulnerable CPUs, it allows a local attacker to exfiltrate data from privileged address space.
I don't think we need to worry about it too much in a router context. Virtual server folks, OTOH...
- Jonathan Morton
More information about the Cerowrt-devel