Speculative Execution Vulnerabilities of 2018

From RCS Wiki
Revision as of 14:08, 30 January 2018 by SiteAdmin

In January of 2018, news of three speculative execution vulnerabilities was made public.

CVE            Group
CVE-2017-5715  Spectre
CVE-2017-5753  Spectre
CVE-2017-5754  Meltdown

At this time we know that POWER9, POWER8, POWER8E, POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. [1][2][3][4]

CVE-2017-5754 (Meltdown)

Common Mitigations

POWER7, POWER8, and POWER9 are patched against CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, because the vulnerability on these architectures affects the L1 cache but not the L2 cache.[5] Firmware updates are also required to enable workarounds at the hardware level.[6][7]

POWER9

Hardware fixes are also in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [8]. In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.

CVE-2017-5753 (Spectre variant 1)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [8]. With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.

CVE-2017-5715 (Spectre variant 2)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD2.1 and above [8]. With these hardware changes, Spectre variant 2 is believed to be mitigated on the production POWER9 devices.
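
Whether the kernel-side mitigations described above are active on a given Linux host can be read from the kernel's sysfs vulnerabilities directory. The script below is an added example, not part of the original wiki page: the function names are hypothetical, the status strings in demo are constructed samples, and it assumes a kernel new enough to expose /sys/devices/system/cpu/vulnerabilities.

```shell
#!/bin/sh
# Added example: report the kernel-declared status of the three CVEs on this page.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STRING -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation"*)   echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cve CVE SYSFS_NAME [DIR] -> prints "CVE NAME STATE: raw kernel string"
check_cve() {
    cve=$1; name=$2; dir=${3:-$VULN_DIR_DEFAULT}
    if [ -r "$dir/$name" ]; then
        raw=$(head -n 1 "$dir/$name")
        state=$(classify_status "$raw")
    else
        # A missing file means the kernel gives no statement, not that the host is safe.
        raw="(no sysfs entry)"
        state=unknown
    fi
    printf '%s %s %s: %s\n' "$cve" "$name" "$state" "$raw"
}

# report [DIR] -> one line per CVE; returns 0 only if all are mitigated or not affected
report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in CVE-2017-5754:meltdown CVE-2017-5753:spectre_v1 CVE-2017-5715:spectre_v2; do
        line=$(check_cve "${pair%%:*}" "${pair#*:}" "$dir")
        echo "$line"
        case "$line" in
            *" mitigated: "*|*" not_affected: "*) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# demo: run report against constructed sample files (spectre_v2 deliberately absent)
demo() {
    d=$(mktemp -d)
    printf 'Mitigation: RFI Flush\n' > "$d/meltdown"   # constructed sample
    printf 'Vulnerable\n' > "$d/spectre_v1"            # constructed sample
    report "$d"; status=$?; rm -rf "$d"; return $status
}
```

Source the file and call `report` to check the live host, or `demo` to see the output format offline. The sysfs strings reflect what the kernel believes about itself, so the firmware level should still be confirmed separately.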

References