Security Linux Kernel Security Updates for Spectre & Meltdown Vulnerabilities

eva2000 · Jan 5, 2018

There are new Linux Kernel security updates for Spectre & Meltdown vulnerability fixes. Update: May 21, 2018 - Newly found Spectre Variant 4 and 3a vulnerabilities outlined at Security - Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Other Notes:

Your web host may already have contacted you regarding these as Linux Kernel updates will also require a server reboot.

If you're on OpenVZ VPSes, then Linux kernel updates would be needed on OpenVZ host node level so contact your web host.

If using Xen VPSes, need to wait for a Xen branch Kernel to be available, so again contact your web host.

Details and discussions are available at Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]. You should subscribe/watch the thread for further news and developments as the situation is still fluid and on going.

officially called Meltdown and Spectre

Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 - Red Hat Customer Portal

Spectre CVE-2017-5753 and CVE-2017-5715

Meltdown CVE-2017-5754

p.s. while you updating, might as well update your PHP versions as there are security updates out as well PHP Security Updates: 5.6.33, 7.0.27, 7.1.13, 7.2.1

eva2000 · Jan 5, 2018

More info after you update Redhat/CentOS kernels Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables - Red Hat Customer Portal

The recent speculative execution CVEs address three potential attacks across a wide variety of processor architectures and platforms, each requiring slightly different fixes. In many cases, these fixes also require microcode updates from the hardware vendors.

Red Hat has made updated kernels available to address these security vulnerabilities. These patches are enabled by default (detailed below), because Red Hat prioritizes out of the box security. Speculative execution is a performance optimization technique. Thus, these updates (both kernel and microcode) may result in workload-specific performance degradation. Therefore, some customers who feel confident that their systems are well protected by other means (such as physical isolation), may wish to disable some or all of these kernel patches. If the end user elects to enable the patches in the interest of security, this article provides a mechanism to conduct performance characterizations with and without the fixes enabled.
Click to expand...
For those wanting to disable the fixes for these CVEs to recover the performance loss, two options are available:

Persistently disable - Effective across a reboot
The first option is to disable them via the kernel command line by adding these flags, then reboot the kernel to have them take effect:
Code (Text):
noibrs noibpb nopti
Click to expand...
more suited to before/after kernel update testing of performance impact
Runtime disable - Does not persist through a reboot
The second option is to disable them at runtime with the following three commands. The change is immediately active and does not require a reboot.
Code (Text):
echo 0 > /sys/kernel/debug/x86/pti_enabled
echo 0 > /sys/kernel/debug/x86/ibpb_enabled
echo 0 > /sys/kernel/debug/x86/ibrs_enabled
Click to expand...
Verifying changes
To verify the fixes for these CVEs are correctly disabled, cat the following three files to verify their values are all set to 0.
Code (Text):
cat /sys/kernel/debug/x86/pti_enabled
cat /sys/kernel/debug/x86/ibpb_enabled
cat /sys/kernel/debug/x86/ibrs_enabled
Some applications may still see up to a 2% performance loss even with the above CVE flags set to 0.
Click to expand...
by default i am only setting one of them set to non-zero value as my i7 4790K cpu doesn't have a microcode update available i believe
Code (Text):
cat /sys/kernel/debug/x86/pti_enabled
1

cat /sys/kernel/debug/x86/ibpb_enabled
0

cat /sys/kernel/debug/x86/ibrs_enabled
0
Architectural Defaults
By default, each of the 3 tunables that apply to an architecture will be enabled automatically at boot time, based upon the architecture detected.

Intel Defaults:

pti 1 ibrs 1 ibpb 1 -> fix variant#1 #2 #3
pti 1 ibrs 0 ibpb 0 -> fix variant#1 #3 (for older Intel systems with no microcode update available)

AMD Defaults:
Due to the differences in underlying hardware implementation, AMD X86 systems are not vulnerable to variant #3. The correct default values will be set on AMD hardware based on dynamic checks during the boot sequence.

pti 0 ibrs 0 ibpb 2 -> fix variant #1 #2 if the microcode update is applied
pti 0 ibrs 2 ibpb 1 -> fix variant #1 #2 on older processors that can disable indirect branch prediction without microcode updates
Click to expand...

eva2000 · Jan 6, 2018

For Microsoft windows update fixes be careful to check if your Anti-virus software is compatible first otherwise you'd get BSODs - details Security - Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

eva2000 · Jan 6, 2018

Many Linode users on this forum so a very relevant update as there's a new Linode 4.14.12 Kernel available Available Linux Kernels - Linode

Update: January 8th, 2018 - Linode blog update Linode Blog » CPU Vulnerabilities: Meltdown & Spectre

Update: January 8, 2018

We are continuing to make progress with our internal testing, but are still waiting for microcode updates from our hardware providers. Both the microcode update and the kernel update are required in order to ensure there is proper mitigation to the three variants of Meltdown and Spectre.
Click to expand...

Update: January 7, 2018 - Linode users can switch back from Linode custom 4.14.12 kernel to CentOS distro Kernel for the additional Spectre backported fixes not included in Linux 4.14 upstream Kernels by using guide outlined at Run a Distribution-Supplied Kernel on a KVM Linode

Linode blog update Linode Blog » CPU Vulnerabilities: Meltdown & Spectre

Update: January 5, 2018

We’re continuing to make progress, and wanted to share the latest with you:

The latest stable and longterm Linux kernels were released today with the KPTI / Meltdown patches in place. As such, we have made the 4.14.12 kernel available to you and have set it as the latest. If you are leveraging a Linode kernel, upon your next reboot your Linode will be upgraded to this version. This doesn’t fully mitigate you from the Meltdown and Spectre vulnerabilities, but provides us a good foundation to work with while planning for full remediation.

We’ve had planning sessions with our hardware providers and have been working on implementation plans for kernel, hypervisor, and firmware updates. All of these will be required to get us into a remediated state, but not all of these are available.

We are not expecting much movement on this over the weekend while we wait on external dependencies, but will certainly provide updates here if there is. If not, more updates will be shared here on Monday next week.
Click to expand...

One of my Linode KVM VPS rebooted
Code (Text):
uname -r
4.14.12-x86_64-linode92
Checking Kernel KPTI and related tunables - looks like Linode custom 4.14.12 kernels do not support Redhat/CentOS backported 3.10 kernel's tunable settings
Code (Text):
cat /sys/kernel/debug/x86/pti_enabled
cat: /sys/kernel/debug/x86/pti_enabled: No such file or directory

cat /sys/kernel/debug/x86/ibpb_enabled
cat: /sys/kernel/debug/x86/ibpb_enabled: No such file or directory

cat /sys/kernel/debug/x86/ibrs_enabled
cat: /sys/kernel/debug/x86/ibrs_enabled: No such file or directory

eva2000 · Jan 6, 2018

Nginx response for Meltdown & Spectre NGINX Response to the Meltdown and Spectre Vulnerabilities - NGINX

A process (application) running on a server can use these flaws to access the protected memory used by other processes. The bugs can be exploited between processes and across containers, and even in some cloud and virtual environments.

As with all other processes, memory used by NGINX and NGINX Plus is vulnerable to snooping from another process running on the same host. For servers you control, NGINX, Inc. strongly recommends that you apply the appropriate OS patches to protect against this. For cloud and other platform providers that you use, we strongly recommend that you verify that your provider has applied these patches.

As far as we are aware, NGINX and NGINX Plus themselves do not provide an attack vector that a remote user can use to exploit these vulnerabilities. Even if such an attack vector were discovered, it may not be possible to prevent it, so applying the recommended OS patches is a priority.

The appropriate advisories are listed at Meltdown and Spectre.

We also advise rotating sensitive data – such as authentication credentials and private keys – stored on vulnerable hardware, because both local attacks and remote attacks are generally impossible to detect. This is a higher priority for cloud‑hosted servers, where it may be easier to mount such attacks.

Once the patches are applied, processes that perform large numbers of system calls reportedly will incur a performance penalty due to the impact of the patches. NGINX and NGINX Plus, for example, may therefore require additional CPU resources; monitor the effect of the patch and be prepared to scale up or scale out if necessary.

We are closely following details of these vulnerabilities and will update this notice as more details emerge.
Click to expand...

eva2000 · Jan 6, 2018

cPanel/WHM response Meltdown - CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - cPanel Knowledge Base - cPanel Documentation

eva2000 · Jan 7, 2018

Intel Intel® Product Security Center

Description:

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Affected products:

For non-Intel based systems please contact your system manufacturer or microprocessor vendor (AMD, ARM, Qualcomm, etc.) for updates.

The following Intel-based platforms are impacted by this issue. Intel may modify this list at a later time. Please check with your system vendor or equipment manufacturer for more information regarding updates for your system.

Intel® Core™ i3 processor (45nm and 32nm)

Intel® Core™ i5 processor (45nm and 32nm)

Intel® Core™ i7 processor (45nm and 32nm)

Intel® Core™ M processor family (45nm and 32nm)

2nd generation Intel® Core™ processors

3rd generation Intel® Core™ processors

4th generation Intel® Core™ processors

5th generation Intel® Core™ processors

6th generation Intel® Core™ processors

7th generation Intel® Core™ processors

8th generation Intel® Core™ processors

Intel® Core™ X-series Processor Family for Intel® X99 platforms

Intel® Core™ X-series Processor Family for Intel® X299 platforms

Intel® Xeon® processor 3400 series

Intel® Xeon® processor 3600 series

Intel® Xeon® processor 5500 series

Intel® Xeon® processor 5600 series

Intel® Xeon® processor 6500 series

Intel® Xeon® processor 7500 series

Intel® Xeon® Processor E3 Family

Intel® Xeon® Processor E3 v2 Family

Intel® Xeon® Processor E3 v3 Family

Intel® Xeon® Processor E3 v4 Family

Intel® Xeon® Processor E3 v5 Family

Intel® Xeon® Processor E3 v6 Family

Intel® Xeon® Processor E5 Family

Intel® Xeon® Processor E5 v2 Family

Intel® Xeon® Processor E5 v3 Family

Intel® Xeon® Processor E5 v4 Family

Intel® Xeon® Processor E7 Family

Intel® Xeon® Processor E7 v2 Family

Intel® Xeon® Processor E7 v3 Family

Intel® Xeon® Processor E7 v4 Family

Intel® Xeon® Processor Scalable Family

Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series

Intel® Atom™ Processor C Series

Intel® Atom™ Processor E Series

Intel® Atom™ Processor A Series

Intel® Atom™ Processor x3 Series

Intel® Atom™ Processor Z Series

Intel® Celeron® Processor J Series

Intel® Celeron® Processor N Series

Intel® Pentium® Processor J Series

Intel® Pentium® Processor N Series

Click to expand...

eva2000 · Jan 9, 2018

Meltdown and Spectre get their own Wiki entries

Meltdown (security vulnerability) - Wikipedia

Spectre (security vulnerability) - Wikipedia

some goods on Android side at least for Meltdown (but not for Spectre)

ARM has reported that the majority of their processors are not vulnerable, and published a list of the specific processors that are affected. The ARM Cortex-A75 core is affected directly by both Meltdown and Spectre vulnerabilities, and Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72 and Cortex-A73 cores are affected only by the Spectre vulnerability.[39] This contradicts some early statements made about the Meltdown vulnerability as being Intel-only.[40]

A large portion of the current mid-range Android handsets use the Cortex-A53 or Cortex-A55 in an octa-core arrangement and are not affected by either the Meltdown or Spectre vulnerability as they do not perform out-of-order execution. This includes devices with the Qualcomm Snapdragon 630, Snapdragon 626, Snapdragon 625, and all Snapdragon 4xx processors based on A53 or A55 cores.[41] Also, all Raspberry Pi computers are not vulnerable to either Meltdown or Spectre.[42]
Click to expand...

As of 2018, almost every computer system is affected by Spectre, including desktops, laptops, and mobile devices. Specifically, Spectre has been shown to work on Intel, AMD, and ARM-based processors.[16][17] Intel responded to the reported security vulnerabilities with an official statement.[18] According to a statement by AMD, vulnerability to one of the two Spectre variants hadn't been demonstrated on AMD processors.[19]
Click to expand...

eva2000 · Jan 10, 2018

Dell and bios updates Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products | Dell Australia

CVE ID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Dell is aware of the new side-channel analysis vulnerabilities, known as Meltdown and Spectre, affecting many modern microprocessors that were discovered and published by a team of security researchers on January 3, 2018. No "real-world" exploits of these vulnerabilities have been reported to date, though researchers have produced proof-of-concepts.

Patch Guidance:
There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities:

Apply the firmware update via BIOS update listed below, see the table in Dell Consumer and Commercial Client Products Affected section below.

Apply the applicable operating system patch, see the OS Patch Guidance section below.

Click to expand...

Looks like I need to update my Dell Inspiron 13 7000 (D7378) too

eva2000 · Jan 13, 2018

AMD more vulnerable that initially thought AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2 - Phoronix ?

AMD's updated statement by Mark Papermaster reads, "While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat."

AMD will be rolling out new microcode updates for Ryzen/EPYC starting this week. For Linux users they also acknowledge the work being done on Retpoline for mitigating the threat.

The Retpoline Linux patches continue to be worked on but have yet to be mainlined. It's looking like Retpoline will likely land for Linux 4.16. There are also needed LLVM / GCC patches too, which have yet to land but hopefully will still make it for the upcoming GCC 8.0 release.

AMD's updated processor security statement can be read at AMD.com. AMD remains certain they are not vulnerable to the Meltdown vulnerability affecting Intel CPUs.
Click to expand...

eva2000 · Jan 13, 2018

Not good news at all, Intel cpu microcode updates causing system crashes Intel Xeon E5 V3 and V4 Servers See More Reboots After Meltdown and Spectre Fixes

Recently, we became aware of a stability issue that was confirmed by Intel, on the Broadwell-EP and Haswell-EP (Xeon E5 V3 and V4 series) CPUs that is causing stability issues due to new Intel microcode released as part of the patching process for Meltdown and Spectre. We are seeing evidence that the recently released fixes are causing more crashes and reboots on impacted systems.
Click to expand...

Our takeaway is that there must be a reason vendors have still not updated the Haswell/ Broadwell generation microcode. Then, Intel released a statement on the matter:

We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to directly discuss the issue.
Click to expand...

(Source: Intel)
Click to expand...

eva2000 · Jan 18, 2018

Looks like new firmware and microcode updates are available on Redhat/CentOS 6/7 at least Red Hat Customer Portal

Description
The microcode_ctl packages provide microcode updates for Intel and AMD processors.

This update supersedes microcode provided by Red Hat with the CVE-2017-5715 (“Spectre”) CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience.) Further testing has uncovered problems with the microcode provided along with the “Spectre” mitigation that could lead to system instabilities. As a result, Red Hat is providing an microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates.

IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and install updated microcode from their hardware vendor immediately. The "Spectre" mitigation requires both an updated kernel from Red Hat and updated microcode from your hardware vendor.
Click to expand...
Code (Text):
yum list updates -q
Updated Packages
linux-firmware.noarch                                    20170606-58.gitc990aae.el7_4                                     updates
microcode_ctl.x86_64                                     2:2.1-22.5.el7_4                                                 updates
on my Intel i7 4790K OVH server
Code (Text):
journalctl -b --no-pager | grep microcode | sed -e "s|$(hostname)|hostname|g"
Jan 17 17:51:09 hostname kernel: microcode: microcode updated early to revision 0x22, date = 2017-01-27
Jan 17 17:51:09 hostname kernel: microcode: CPU0 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: CPU1 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: CPU2 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: CPU3 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: CPU4 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: CPU5 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: CPU6 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: CPU7 sig=0x306c3, pf=0x2, revision=0x22
Jan 17 17:51:09 hostname kernel: microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
Jan 17 17:51:10 hostname systemd[1]: Starting Load CPU microcode update...
Jan 17 17:51:10 hostname systemd[1]: Started Load CPU microcode update.

eva2000 · Feb 18, 2018

seems like round 2 is about to start Meltdown-Spectre flaws: We've found new attack variants, say researchers | ZDNet

Researchers have developed a tool to uncover new ways of attacking the Meltdown and Spectre CPU side-channel flaws, which may force chipmakers like Intel to re-examine already difficult hardware mitigations.

The tool allowed the researchers to synthesize a software-attack based on a description of a CPU's microarchitecture and an execution pattern that could be attacked.

Though the software attack is specific to a microarchitecture and represent exploits "in their most abstracted form", they can be used to develop fully fledged attacks.
Click to expand...

"By exploiting cache invalidations, MeltdownPrime and SpectrePrime -- two variants of Meltdown and Spectre, respectively -- can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel."

The researchers developed proof-of-concept malware for SpectrePrime and ran it on a MacBook with an Intel Core i7 Processor running a version of macOS Sierra that hadn't received Apple's Meltdown and Spectre patches.

"Averaged over 100 runs, we observed SpectrePrime to achieve the same average accuracy as Spectre on the same hardware -- 97.9 percent for Spectre and 99.95 percent for SpectrePrime," they write.

The mitigations for Meltdown and Spectre have involved a combination of software fixes, such as Microsoft and Linux versions of 'kernel page table isolation', and hardware fixes such as Intel's microcode updates. Both can cause performance overheads.

But while existing software mitigations will probably suffice for these new variants of Meltdown and Spectre, chipmakers like Intel and AMD are likely to need to develop different hardware mitigations, according to the researchers.
Click to expand...

eva2000 · Feb 18, 2018

Meltdown-Spectre: Malware is already being tested by attackers | ZDNet

German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs.

"So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754," the company wrote on Twitter.

The company has posted SHA-256 hashes of several samples that a check on Google's VirusTotal indicates is being detected by some antivirus engines.
Click to expand...

eva2000 · Mar 12, 2018

Phoronix checks out latest Linux 4.16 kernel with KPTI patches + Reptoline with AMD EPYC 7601 cpu An Early Look At The Linux 4.16 Kernel Performance With AMD EPYC - Phoronix. Interesting to see how Linux 4.16 kernel does considering my early Linux 4.15 tests with AMD 7401P showed much better performance compared to CentOS 7.4's 3.10 Kernels for AMD EPYC.

Interesting comment brought up on the Phoronix forums for this article is that while AMD EPYC isn't affected by Kernel KPTI for Meltdown like Intel is, but CentOS/RHEL yum RPM packages themselves maybe built on Intel based systems initially so the resulting RPM binaries might be affected even if they are installed on AMD EPYC systems ! Luckily, for Centmin Mod users at least Nginx, PHP-FPM, Memcached server and some select PHP extensions are all source compiled rather than using YUM provided RPM binaries so can retain some of that performance on AMD EPYC systems. Also both GCC 8 and Clang 6 have further optimisations for AMD EPYC which will help for Centmin Mod Nginx, PHP-FPM source builds thanks to my work on GCC 8 and Clang 6

For this AMD EPYC Linux kernel benchmarking the following configurations were tested:

- Linux 4.14.0 stable that doesn't contain any Spectre V1 or V2 mitigation for the EPYC system.

- Linux 4.14.24 as the latest 4.14 stable point release at the time of testing that includes both __user pointer sanitization for Spectre Variant One and backported full AMD Retpoline protection for Spectre Variant Two.

- Linux 4.15.0 stable that contained full AMD Retpoline protection but that release hadn't offered any Spectre V1 protection.

- Linux 4.16 Git from this week offering both user pointer sanitization and full AMD Retpoline protection.

- Linux 4.16 Git from the same build but disabling the Retpoline support via the "spectre_v2=off" kernel command-line option. This though still leaves Spectre V1 protection in place.
Click to expand...

eva2000 · Apr 4, 2018

As some folks have guessed, some Intel cpus can not be fixed for Spectre v2 vulnerability and some cpus Intel won't be fixing for Meltdown either Security - Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Intel has issued new a new "microcode revision guidance" that confesses it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities.

The new guidance, issued April 2, adds a “stopped” status to Intel’s “production status” category in its array of available Meltdown and Spectre security updates. "Stopped" indicates there will be no microcode patch to kill off Meltdown and Spectre.

The guidance explains that a chipset earns “stopped” status because, “after a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons.”
Click to expand...

eva2000 · May 3, 2018

8 new Spectre-NG vulnerabilities
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities are grouped and named as Spectre-ng. The newly discovered vulnerabilities would make it really easy to exploit a host from a simple VM.
Click to expand...

Can be discussed at Security - Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

eva2000 · May 22, 2018

Newly found Spectre Variant 4 and 3a vulnerabilities outlined at Security - Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

eva2000 · Nov 15, 2018

Not over yet - 7 new meltdown and spectre vulnerabilities found Security - Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown] !!!

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees.

Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack -- two well-known attacks that have been revealed at the start of the year and found to impact CPUs models going back to 1995.
Click to expand...

The new Meltdown attacks that the research team discovered are:

Meltdown-BR - exploits an x86 bound instruction on Intel and AMD

Meltdown-PK - bypasses memory protection keys on Intel CPUs

They also tried and failed to exploit other Meltdown attacks that targeted the following internal CPU operations:

Meltdown-AC - tried to exploit memory alignment check exceptions

Meltdown-DE - tried to exploit division (by zero) errors

Meltdown-SM - tried to exploit the supervisor mode access prevention (SMAP) mechanism

Meltdown-SS - tried to exploit out-of-limit segment accesses

Meltdown-UD - tried to exploit invalid opcode exception

Meltdown-XD - tried to exploit non-executable memory

Click to expand...

Based on the chart and table above, researchers found three new Spectre attacks that exploit the Pattern History Table mechanism and two new Spectre attacks against the Branch Target Buffer.

PHT-CA-OP

PHT-CA-IP

PHT-SA-OP

BTB-SA-IP

BTB-SA-OP

CPUs from AMD, ARM, and Intel are all affected by the five new Spectre attacks.
Click to expand...

VENDORS HAVE BEEN NOTIFIED
The research team says they reported all their findings to the three CPU vendors whose processors they've analyzed, but that only ARM and Intel acknowledged their findings.

In addition, the research team also discovered that some vendor mitigations that have been already deployed have also failed to stop the seven new attacks, even if they should have, at least in theory. They provide the following table with the results of their tests of existing mitigations.
Click to expand...

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Security Linux Kernel Security Updates for Spectre & Meltdown Vulnerabilities

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Security Linux Kernel Security Updates for Spectre & Meltdown Vulnerabilities

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.