Difference between revisions of "Speculative Execution Vulnerabilities of 2018"

From RCS Wiki
Jump to navigation Jump to search
m
Line 25: Line 25:
 
=== POWER9 ===
 
=== POWER9 ===
  
Hardware fixes are also in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref>[https://git.raptorcs.com/git/talos-hostboot/commit/?id=fcf7d0e3f5fe8013b8f88a70a4f69cb5c0efc38b Hostboot commit message listing security changes for DDD2.2 / CDD2.1]</ref>.  In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.
+
Hardware fixes are also in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref name="hostboot-commit-fcf7d0e3">[https://git.raptorcs.com/git/talos-hostboot/commit/?id=fcf7d0e3f5fe8013b8f88a70a4f69cb5c0efc38b Hostboot commit message listing security changes for DDD2.2 / CDD2.1]</ref>.  In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.
  
 
== CVE-2017-5753 (Spectre variant 1) ==
 
== CVE-2017-5753 (Spectre variant 1) ==
Line 31: Line 31:
 
=== POWER9 ===
 
=== POWER9 ===
  
Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref>[https://git.raptorcs.com/git/talos-hostboot/commit/?id=fcf7d0e3f5fe8013b8f88a70a4f69cb5c0efc38b Hostboot commit message listing security changes for DDD2.2 / CDD2.1]</ref>.  With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.
+
Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref name="hostboot-commit-fcf7d0e3" />.  With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.
  
 
== CVE-2017-5753 (Spectre variant 2) ==
 
== CVE-2017-5753 (Spectre variant 2) ==
Line 37: Line 37:
 
=== POWER9 ===
 
=== POWER9 ===
  
Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref>[https://git.raptorcs.com/git/talos-hostboot/commit/?id=fcf7d0e3f5fe8013b8f88a70a4f69cb5c0efc38b Hostboot commit message listing security changes for DDD2.2 / CDD2.1]</ref>.  With these hardware changes, Spectre variant 2 is believed to be mitigated on the production POWER9 devices.
+
Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref name="hostboot-commit-fcf7d0e3" />.  With these hardware changes, Spectre variant 2 is believed to be mitigated on the production POWER9 devices.
  
 
== External Links ==
 
== External Links ==

Revision as of 12:59, 30 January 2018

In January of 2018, news of three speculative execution vulnerabilities was made public.

CVE Group
CVE-2017-5715 Spectre
CVE-2017-5753 Spectre
CVE-2017-5754 Meltdown

At this time we know that POWER9, POWER8, POWER8E, POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. [1][2][3][4]

CVE-2017-5754 (Meltdown)

Common Mitigations

POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.[5]

POWER9

Hardware fixes are also in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.

CVE-2017-5753 (Spectre variant 1)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.

CVE-2017-5753 (Spectre variant 2)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. With these hardware changes, Spectre variant 2 is believed to be mitigated on the production POWER9 devices.

External Links

References