Difference between revisions of "Speculative Execution Vulnerabilities of 2018"

From RCS Wiki
Jump to navigation Jump to search
(add red hat ref)
(add meltdown patch information)
Line 15: Line 15:
 
|}
 
|}
  
At this time we know that [[POWER9|POWER9]], [[POWER8|POWER8]], [[POWER8E|POWER8E]], POWER7+, POWER6, and certain PowerPC architectures are affected. <ref>IBM PSIRT Blog post, [https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ Potential Impact on Processors in the POWER family]</ref><ref>TenFourFox Development blog post, [https://tenfourfox.blogspot.co.at/2018/01/actual-field-testing-of-spectre-on.html Actual field testing of Spectre on various Power Macs]</ref><ref>Raptor Engineering GNU Social [https://social.raptorengineering.io/conversation/731 notices about POWER8 and POWER9 vulnerability]</ref><ref>Red Hat security page for [https://access.redhat.com/security/vulnerabilities/speculativeexecution Kernel Side-Channel Attacks]</ref>
+
At this time we know that [[POWER9|POWER9]], [[POWER8|POWER8]], [[POWER8E|POWER8E]], POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. <ref>IBM PSIRT Blog post, [https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ Potential Impact on Processors in the POWER family]</ref><ref>TenFourFox Development blog post, [https://tenfourfox.blogspot.co.at/2018/01/actual-field-testing-of-spectre-on.html Actual field testing of Spectre on various Power Macs]</ref><ref>Raptor Engineering GNU Social [https://social.raptorengineering.io/conversation/731 notices about POWER8 and POWER9 vulnerability]</ref><ref>Red Hat security page for [https://access.redhat.com/security/vulnerabilities/speculativeexecution Kernel Side-Channel Attacks]</ref>
 +
 
 +
== CVE-2017-5754 (Meltdown) ==
 +
 
 +
POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.<ref>Larabel, Michael. [https://www.phoronix.com/scan.php?page=news_item&px=PowerPC-Mem-Protection-Keys PowerPC Memory Protection Keys In For Linux 4.16, Power Has Meltdown Mitigation In 4.15]. 2018-01-22</ref>
  
 
== External Links ==
 
== External Links ==

Revision as of 00:39, 23 January 2018

In January of 2018, news of three speculative execution vulnerabilities was made public.

CVE Group
CVE-2017-5715 Spectre
CVE-2017-5753 Spectre
CVE-2017-5754 Meltdown

At this time we know that POWER9, POWER8, POWER8E, POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. [1][2][3][4]

CVE-2017-5754 (Meltdown)

POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.[5]

External Links

References