Date:      Wed, 3 Jan 2018 22:01:45 -0500
From:      Eric McCorkle <eric@metricspace.net>
To:        freebsd-security@freebsd.org
Subject:   Re: Intel hardware bug
Message-ID:  <0bb7ffc6-fa51-98db-9dc1-1bd49e1c7b44@metricspace.net>
In-Reply-To: <867esy2vwz.fsf@desk.des.no>
References:  <19097.1515012519@segfault.tristatelogic.com> <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <7C58A6DB-0760-4E5A-B65D-2ED6A6B7AAD2@acsalaska.net> <867esy2vwz.fsf@desk.des.no>

On 01/03/2018 21:35, Dag-Erling Smørgrav wrote:
> "David M. Syzdek" <david.syzdek@acsalaska.net> writes:
>> They did not say it is *NOT* a bug, just that it is not a bug unique
>> to Intel.  [...] Additionally, they indirectly imply that both AMD and
>> ARM chips are affected by the same bug, however this, at least in
>> AMD’s case, appears to be directly refuted [...] by AMD:
> 
> There are three different issues.  One of them (CVE-2017-5754, labeled
> “Meltdown”) is easily mitigated and has so far only been shown to affect
> Intel processors.  The other two (CVE-2017-5753 and CVE-2017-5715,
> collectively labeled “Spectre”) affect AMD and ARM processors as well
> and have no known workaround.
> 
> So far, it has been shown that an unprivileged process can read data
> from the kernel (Meltdown) and other processes (Spectre), and that a
> privileged process in a VM can read data from the host and presumably
> also from other VMs on the same host (Spectre).

That right there is enough to pluck things like TLS session keys, GELI
master keys, and anything else on that level out of kernel memory.

Given enough skill, resources, and motivation, it's likely that an
attacker could craft a JavaScript-based version of the attack; then
every JavaScript website (aka all of them) is a potential attack vector.
