From owner-freebsd-security@freebsd.org Thu Jan 4 03:01:46 2018
Subject: Re: Intel hardware bug
To: freebsd-security@freebsd.org
From: Eric McCorkle
Message-ID: <0bb7ffc6-fa51-98db-9dc1-1bd49e1c7b44@metricspace.net>
Date: Wed, 3 Jan 2018 22:01:45 -0500
In-Reply-To: <867esy2vwz.fsf@desk.des.no>
References: <19097.1515012519@segfault.tristatelogic.com> <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <7C58A6DB-0760-4E5A-B65D-2ED6A6B7AAD2@acsalaska.net> <867esy2vwz.fsf@desk.des.no>

On 01/03/2018 21:35, Dag-Erling Smørgrav wrote:
> "David M. Syzdek" writes:
>> They did not say it is *NOT* a bug, just that it is not a bug unique
>> to Intel. [...]
>> Additionally, they indirectly imply that both AMD and
>> ARM chips are affected by the same bug; however this, at least in
>> AMD's case, appears to be directly refuted [...] by AMD:
>
> There are three different issues. One of them (CVE-2017-5754, labeled
> "Meltdown") is easily mitigated and has so far only been shown to affect
> Intel processors. The other two (CVE-2017-5753 and CVE-2017-5715,
> collectively labeled "Spectre") affect AMD and ARM processors as well
> and have no known workaround.
>
> So far, it has been shown that an unprivileged process can read data
> from the kernel (Meltdown) and other processes (Spectre), and that a
> privileged process in a VM can read data from the host and presumably
> also from other VMs on the same host (Spectre).

That right there is enough to pluck things like TLS session keys, GELI master keys, and anything else on that level out of kernel memory. Given enough skill, resources, and motivation, it's likely that an attacker could craft a JavaScript-based version of the attack, and then every JavaScript website (aka all of them) is a potential attack vector.
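A defender-side check to go with the thread above, added here and not part of the list message or of FreeBSD itself: it reads the sysctl knobs FreeBSD later added for two of the three CVEs discussed (vm.pmap.pti for Meltdown/KPTI, hw.ibrs_active for Spectre variant 2) and reports whether each mitigation is active. The sysctl names are assumed from FreeBSD's subsequent fixes, and a captured `sysctl` output file can be substituted so the logic also runs on a host without those knobs.

```shell
#!/bin/sh
# Added example: report FreeBSD Meltdown/Spectre mitigation status.
# Assumed knobs (from FreeBSD's January 2018 fixes, not from this thread):
#   vm.pmap.pti    1 = kernel page-table isolation active (Meltdown, CVE-2017-5754)
#   hw.ibrs_active 1 = IBRS in use for Spectre v2 (CVE-2017-5715)
# Spectre v1 (CVE-2017-5753) has no single global switch, so it is not checked.

# read_knob NAME [CAPTURE_FILE]
# Prints the value of sysctl NAME. When CAPTURE_FILE is given it is parsed
# instead of the live system; the file holds "name: value" lines as printed
# by `sysctl vm.pmap.pti hw.ibrs_active`.
read_knob() {
    if [ -n "${2:-}" ]; then
        awk -v k="$1" -F': ' '$1 == k { print $2 }' "$2"
    else
        sysctl -n "$1" 2>/dev/null
    fi
}

# mitigation_status [CAPTURE_FILE]
# Prints one status line per knob. Returns 0 only when both mitigations
# report active; 1 when either is off or the knob is missing (which on
# FreeBSD means the running kernel predates the fix).
mitigation_status() {
    capture="${1:-}"
    pti=$(read_knob vm.pmap.pti "$capture")
    ibrs=$(read_knob hw.ibrs_active "$capture")
    rc=0
    case "$pti" in
        1) echo "Meltdown  (CVE-2017-5754): KPTI active" ;;
        0) echo "Meltdown  (CVE-2017-5754): KPTI DISABLED"; rc=1 ;;
        *) echo "Meltdown  (CVE-2017-5754): vm.pmap.pti not present"; rc=1 ;;
    esac
    case "$ibrs" in
        1) echo "Spectre v2 (CVE-2017-5715): IBRS active" ;;
        0) echo "Spectre v2 (CVE-2017-5715): IBRS NOT active"; rc=1 ;;
        *) echo "Spectre v2 (CVE-2017-5715): hw.ibrs_active not present"; rc=1 ;;
    esac
    return $rc
}

# Run the live check only when invoked as `sh thisfile.sh --check [CAPTURE_FILE]`.
if [ "${1:-}" = "--check" ]; then
    mitigation_status "${2:-}"
fi
```

Exit status is non-zero whenever a mitigation is off or missing, so the function can gate a host out of a fleet-wide compliance run.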