From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 99A591382C5 for ; Thu, 4 Jan 2018 11:50:08 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 15AFCE08C4; Thu, 4 Jan 2018 11:50:03 +0000 (UTC) Received: from mail-ot0-x241.google.com (mail-ot0-x241.google.com [IPv6:2607:f8b0:4003:c0f::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A88A2E0866 for ; Thu, 4 Jan 2018 11:50:02 +0000 (UTC) Received: by mail-ot0-x241.google.com with SMTP id 37so1091815otv.6 for ; Thu, 04 Jan 2018 03:50:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=CXoQjZLJ5FzZ8RH8DZ9HUS86kwoe2q/KPeqs9xiWnik=; b=F+bl2gJlR1IJc728vLtj2/062ZERma6F6M/tvlbFHEpNPniSxLV0SxvjcpXI3vVWEq atdkVMQK5aXuPc7WfdrelhQCfFjOTKFm1Zs6zveS45oKvca+5Yh5NENth8BhVNqq0l7y 2InVQPjCRFvqejydU7A0M6XaIDAfRp+Hp119TVQeUq1gZoeQ+DvzZ9jDnnnLuvc0wVA4 K8q8YZvq8thApJYe23AXmUw50PRS/D32EyrDd9gWsb1Zt6mcEBHqQPqBwwosupGeB2Xs fanxK9b4k0XhxFkySl996O9KW4xOqd2re2CxA3OhaHskEfySDDd1tKmF6g/z2HLbDyAm GqSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=CXoQjZLJ5FzZ8RH8DZ9HUS86kwoe2q/KPeqs9xiWnik=; b=R0soSS6ea4ZD1wvZab0xm/A8NuA6xlaNiR2OtktnbI952E+J/wlRzeBIDf0oinrHa9 sCA+8Z8wct2oTdou5TOUXT4QZ996iqFofp2Z3Xf3edTwzUjJciCADx5QsoQR6D+j+L0L RUui+RHaVyqJap3Wr0NFcwvaz/5D9+RpSmmVPFjtTVIHQwbyM+6cyPSPZ+O8eeuS7pMr 7TYRbJdYEJDYbnDWXHholg4T2LwUr6bIYgEiMDPAaoQnSMJjaWK7sy8Pj7NPOqrqkSbE 0xGMzrSIVSmbmrumPl3fM5AiQJ+A/JTqvxYIw2e6QCuPxS50qZUoCGL+iJl4bVSiYNTf fDUA== X-Gm-Message-State: AKGB3mJ8f9gtjEJ6JULDIUC77jwuBBslKBIpnb0UfCnjaMYR7ZJ3R+Do RWc7vR1D+soeJo1m5qSuN0YcLWeaBaZXnvLp0a796UIl X-Google-Smtp-Source: ACJfBosDn1iWWsvGbIa9CgAf572dKu9lhp/MMxpltQHUIHKd6AegzfNOx1hqj8droL2tw2qzXbnvVhOnQZdckJdwpns= X-Received: by 10.157.85.80 with SMTP id h16mr2403294oti.239.1515066601727; Thu, 04 Jan 2018 03:50:01 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.157.19.65 with HTTP; Thu, 4 Jan 2018 03:50:01 -0800 (PST) From: Adam Carter Date: Thu, 4 Jan 2018 22:50:01 +1100 Message-ID: Subject: [gentoo-user] Spectre and Meltdown summary To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary="f403043ab4d09b6cea0561f1eed7" X-Archives-Salt: e6f2913d-0d2a-46f3-9314-5e90812ebf1d X-Archives-Hash: 11050085e72a8a05aa84e10a89ce3498 --f403043ab4d09b6cea0561f1eed7 Content-Type: text/plain; charset="UTF-8" No guarantees on accuracy... Meltdown CVE-2017-5754 (Variant3) - userspace reads kernel memory. Intel vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel 4.14.11, Security Options -> Remove the kernel mapping in user mode (CONFIG_PAGE_TABLE_ISOLATION), on by default for all archs in this version, disabled by default for AMD CPUs in git 4.15). KPTI incurs a performance hit. Spectre CVE-2017-5753 (Variant1) and CVE-2017-5715 (Variant2) - applications read other applications memory. Intel, AMD, ARM all vulnerable. Re Variant1, AMD says "Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected." Re Variant2, AMD says "Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date." Ref: http://www.amd.com/en/corporate/speculative-execution https://meltdownattack.com/ http://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-information.html --f403043ab4d09b6cea0561f1eed7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
No guarantees on accuracy...

Meltdown CVE-2017-5754= (Variant3) - userspace reads kernel memory. Intel vulnerable, AMD not vuln= erable. Issue is mitigated with KPTI (in kernel 4.14.11, Security Options -= > Remove the kernel mapping in user mode (CONFIG_PAGE_TABLE_ISOLATION), = on by default for all archs in this version, disabled by default for AMD CP= Us in git 4.15). KPTI incurs a performance hit.

Spectre CVE-2017-575= 3 (Variant1) and CVE-2017-5715 (Variant2) - applications read other applica= tions memory. Intel, AMD, ARM all vulnerable.
Re Variant1, AMD says &qu= ot;Resolved by software / OS updates to be made available by system vendors= and manufacturers. Negligible performance impact expected."
Re Var= iant2, AMD says "Differences in AMD architecture mean there is a near = zero risk of exploitation of this variant. Vulnerability to Variant 2 has n= ot been demonstrated on AMD processors to date."

Ref:
http://www.amd.= com/en/corporate/speculative-execution
https://meltdownattack.com/
h= ttp://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-in= formation.html


--f403043ab4d09b6cea0561f1eed7--