[svlug] Intel CPUs' Kernel Page Table Isolation (KPTI) fix

Rick Moen rick at linuxmafia.com
Thu Jan 4 12:56:31 PST 2018

Quoting Sarah Newman (newmans at sonic.net):

> There are actually 3 different classes of vulnerabilities. It's not just intel. https://developer.arm.com/support/security-update

Good point.  Google's Security Blog has a very general rundown about
these findings from the Project Zero researcher:
It's pretty woefully deficient on specifics.  
https://meltdownattack.com/ (from the researchers) is better, and 
the ARM page at least outlines the three attacks and gives their CVEs:

Variant 1: bounds check bypass (CVE-2017-5753)    [RM: Spectre]
Variant 2: branch target injection (CVE-2017-5715)[RM: Spectre]
Variant 3: rogue data cache load (CVE-2017-5754)  [RM: Meltdown - Intel-specific]

Which ARM cores aren't and aren't affected by Spectre is shown on the
ARM page.  In general terms, _some_ 64-bit Intel, AMD, and ARM
processors are affected by Spectre, specifically those with 'speculative
execution'.  https://developer.arm.com/support/security-update

C code to test for the Spectre vulnerability:

As to Meltdown and Intel CPUs, researchers' claim is that 'every Intel
processor which implements out-of-order execution is potentially
affected, which is effectively every processor since 1995 (except Intel
Itanium and Intel Atom before 2013)'.
They says it's not been confirmed yet on anything but Intel CPUs, e.g.,
not yet on ARM, AMD, MIPS, SPARC64, etc.

The patches for Linux, MS-Windows, and OS X adress Meltdown; fixing
Spectre is a work in progress, i.e., there are experimental Linux
patches for one of the two Spectre attacks, Variant 2:

Here's part of the work on Variant 1:

I have to say that 'Don't worry and just run Javascript from arbitrary
locations on the Web' is looking like an even worse idea than before,
given these side-channel exploits against system RAM.

I think _way_ more people other than VPS vendors need to be worried.

More information about the svlug mailing list