Difference between revisions of "Speculative Execution Vulnerabilities of 2018"
m |
m (Fix CVE number) |
||
| Line 33: | Line 33: | ||
Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref name="hostboot-commit-fcf7d0e3" />. With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices. | Hardware fixes are in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD2.1 and above <ref name="hostboot-commit-fcf7d0e3" />. With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices. | ||
| − | == CVE-2017- | + | == CVE-2017-5715 (Spectre variant 2) == |
=== POWER9 === | === POWER9 === | ||
Revision as of 14:00, 30 January 2018
In January of 2018, news of three speculative execution vulnerabilities was made public.
| CVE | Group |
|---|---|
| CVE-2017-5715 | Spectre |
| CVE-2017-5753 | Spectre |
| CVE-2017-5754 | Meltdown |
At this time we know that POWER9, POWER8, POWER8E, POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. [1][2][3][4]
Contents
CVE-2017-5754 (Meltdown)
Common Mitigations
POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.[5]
POWER9
Hardware fixes are also in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.
CVE-2017-5753 (Spectre variant 1)
POWER9
Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.
CVE-2017-5715 (Spectre variant 2)
POWER9
Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [6]. With these hardware changes, Spectre variant 2 is believed to be mitigated on the production POWER9 devices.
External Links
References
- ↑ IBM PSIRT Blog post, Potential Impact on Processors in the POWER family
- ↑ TenFourFox Development blog post, Actual field testing of Spectre on various Power Macs
- ↑ Raptor Engineering GNU Social notices about POWER8 and POWER9 vulnerability
- ↑ Red Hat security page for Kernel Side-Channel Attacks
- ↑ Larabel, Michael. PowerPC Memory Protection Keys In For Linux 4.16, Power Has Meltdown Mitigation In 4.15. 2018-01-22
- ↑ 6.0 6.1 6.2 Hostboot commit message listing security changes for DDD2.2 / CDD2.1
