Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 5 Jan 2018 15:12:50 -0500
From:      Jan Knepper <jan@digitaldaemon.com>
To:        Freddie Cash <fjwcash@gmail.com>
Cc:        Freebsd Security <freebsd-security@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <65e5dcae-b973-a54e-868e-bdc4abf007cb@digitaldaemon.com>
In-Reply-To: <CAOjFWZ6cJ8C%2BhuRukZ39pW%2B7dkfZmZaC81YkXS6OovX9PB6XbQ@mail.gmail.com>
References:  <20180105191145.404BC335@spqr.komquats.com> <CAOjFWZ6cJ8C%2BhuRukZ39pW%2B7dkfZmZaC81YkXS6OovX9PB6XbQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thank you!

The news indeed does not properly understand the difference, nor which 
problem affects which hardware/CPU and in many ways acts like it is "the 
end of the world".



On 01/05/2018 14:53, Freddie Cash wrote:
> On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert@cschubert.com>
> wrote:
>
>> According to a Red Hat announcement, Power and Series z are also
>> vulnerable.
>> ​
>>
> ​There's a lot of confusion in the media, press releases, and announcements
> due to conflating Spectre and Meltdown.
>
> Meltdown (aka CVE-2017-5754) is the issue that affects virtually all Intel
> CPUs and specific ARM Cortex-A CPUs.  This allows read-access to kernel
> memory from unprivileged processes (ring 3 apps get read access to ring 0
> memory).​  IBM POWER, Oracle Sparc, and AMD Zen are not affected by this
> issue as they provide proper separation between kernel memory maps and
> userland memory maps; or they aren't OoO architectures that use speculative
> execution in this manner.
>
> Spectre (aka CVE-2017-5715 and CVE-2017-5753) is the issue that affects all
> CPUs (Intel, AMD, ARM, IBM, Oracle, etc) and allows userland processes to
> read memory assigned to other userland processes (but does NOT give access
> to kernel memory).
>
> ​IOW, POWER and Sparc are vulnerable to Spectre, but not vulnerable to
> Meltdown.
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?65e5dcae-b973-a54e-868e-bdc4abf007cb>