Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 5 Jan 2018 11:53:39 -0800
From:      Freddie Cash <fjwcash@gmail.com>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        Freebsd Security <freebsd-security@freebsd.org>,  "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <CAOjFWZ6cJ8C%2BhuRukZ39pW%2B7dkfZmZaC81YkXS6OovX9PB6XbQ@mail.gmail.com>
In-Reply-To: <20180105191145.404BC335@spqr.komquats.com>
References:  <20180105191145.404BC335@spqr.komquats.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert@cschubert.com>
wrote:

> According to a Red Hat announcement, Power and Series z are also
> vulnerable.
> =E2=80=8B
>

=E2=80=8BThere's a lot of confusion in the media, press releases, and annou=
ncements
due to conflating Spectre and Meltdown.

Meltdown (aka CVE-2017-5754) is the issue that affects virtually all Intel
CPUs and specific ARM Cortex-A CPUs.  This allows read-access to kernel
memory from unprivileged processes (ring 3 apps get read access to ring 0
memory).=E2=80=8B  IBM POWER, Oracle Sparc, and AMD Zen are not affected by=
 this
issue as they provide proper separation between kernel memory maps and
userland memory maps; or they aren't OoO architectures that use speculative
execution in this manner.

Spectre (aka CVE-2017-5715 and CVE-2017-5753) is the issue that affects all
CPUs (Intel, AMD, ARM, IBM, Oracle, etc) and allows userland processes to
read memory assigned to other userland processes (but does NOT give access
to kernel memory).

=E2=80=8BIOW, POWER and Sparc are vulnerable to Spectre, but not vulnerable=
 to
Meltdown.

--=20
Freddie Cash
fjwcash@gmail.com



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOjFWZ6cJ8C%2BhuRukZ39pW%2B7dkfZmZaC81YkXS6OovX9PB6XbQ>