Speculative Execution Vulnerabilities of 2018

In January of 2018, news of three speculative execution vulnerabilities was made public.

CVE	Group
CVE-2017-5715	Spectre
CVE-2017-5753	Spectre
CVE-2017-5754	Meltdown

At this time we know that POWER9, POWER8, POWER8E, POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. ^[1]^[2]^[3]^[4]

CVE-2017-5754 (Meltdown)

POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.^[5]

External Links

Websites for Meltdown and Spectre are currently the same

References

↑ IBM PSIRT Blog post, Potential Impact on Processors in the POWER family
↑ TenFourFox Development blog post, Actual field testing of Spectre on various Power Macs
↑ Raptor Engineering GNU Social notices about POWER8 and POWER9 vulnerability
↑ Red Hat security page for Kernel Side-Channel Attacks
↑ Larabel, Michael. PowerPC Memory Protection Keys In For Linux 4.16, Power Has Meltdown Mitigation In 4.15. 2018-01-22

[1] IBM PSIRT Blog post, Potential Impact on Processors in the POWER family

[2] TenFourFox Development blog post, Actual field testing of Spectre on various Power Macs

[3] Raptor Engineering GNU Social notices about POWER8 and POWER9 vulnerability

[4] Red Hat security page for Kernel Side-Channel Attacks

[5] Larabel, Michael. PowerPC Memory Protection Keys In For Linux 4.16, Power Has Meltdown Mitigation In 4.15. 2018-01-22

[1]

[2]

[3]

[4]

[5]

Speculative Execution Vulnerabilities of 2018

CVE-2017-5754 (Meltdown)

External Links

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Print/export