Difference between revisions of "Speculative Execution Vulnerabilities of 2018"

From RCS Wiki
Jump to navigation Jump to search
m
m (Fix CVE number)
Line 33: Line 33:
 
Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref name="hostboot-commit-fcf7d0e3" />.  With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.
 
Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref name="hostboot-commit-fcf7d0e3" />.  With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.
  
== CVE-2017-5753 (Spectre variant 2) ==
+
== CVE-2017-5715 (Spectre variant 2) ==
  
 
=== POWER9 ===
 
=== POWER9 ===

Revision as of 14:00, 30 January 2018

In January of 2018, news of three speculative execution vulnerabilities was made public.

CVE Group
CVE-2017-5715 Spectre
CVE-2017-5753 Spectre
CVE-2017-5754 Meltdown

At this time we know that POWER9, POWER8, POWER8E, POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. [1][2][3][4]

CVE-2017-5754 (Meltdown)

Common Mitigations

POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.[5]

POWER9

Hardware fixes are also in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.

CVE-2017-5753 (Spectre variant 1)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.

CVE-2017-5715 (Spectre variant 2)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. With these hardware changes, Spectre variant 2 is believed to be mitigated on the production POWER9 devices.

External Links

References