[sf-lug] CPU security bugs quite recently disclosed: Re: Intel's Meltdown and Spectre flaws

Michael Paoli Michael.Paoli at cal.berkeley.edu
Thu Jan 4 11:11:49 PST 2018


It's much more than just Intel (as was earlier speculated).

A lot more information has come out in the last approximately 24 hours.

Linux kernel.org kernel is patched; distributions - patch status (and
release thereof) varies by distribution.  Most of the information ended
up coming out sooner than the earlier agreed upon embargo date.

From: Paoli, Michael
Sent: Thursday, January 04, 2018 9:48 AM
Subject: Security: MOST CPUs impacted! RE: Intel/Linux security  
updates forthcoming?

Lots more information on it out there now - I think I also saw
information for Red Hat.  Still going over the info.
Here are a few more links slightly further below. (see also referenced
emails further below too):

Last I read hadn't seen general reports of exploits in the wild yet ...
at least beyond some information/demonstrations of how to exploit ...
exploits in the wild will likely happen soon - if they've not yet
already started.  Some vendors/distributions may still be playing
catch-up on patches (or final versions thereof) - this ended up leaking
(in bits), then going going quite public, before the original agreed
upon embargo date.

https://www.reddit.com/r/sysadmin/comments/7o39et/meltdown_spectre_megathread/

From: Michael Paoli
Sent: Thursday, January 04, 2018 4:19 AM
To: Paoli, Michael
Subject: [E] CPU security

https://www.reddit.com/r/sysadmin/comments/7nyhc5/meltdown_and_spectre/
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

From: Paoli, Michael
Sent: Tuesday, January 02, 2018 4:48 PM
Subject: RE: Intel/Linux security updates forthcoming?

More "chatter", etc. on same, e.g.:
https://it.slashdot.org/story/18/01/02/221254/kernel-memory-leaking-intel-processor-design-flaw-forces-linux-windows-redesign
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

From: Paoli, Michael
Sent: Tuesday, January 02, 2018 10:08 AM
Subject: Intel/Linux securit updates forthcoming?

Stumbled across these ... unknown how speculative these are or may be,
but sounds like there may be some significant Intel/Linux security
updates coming out soon.

From: Michael Paoli
Sent: Tuesday, January 02, 2018 8:37 AM
To: Paoli, Michael
Subject: [E] Security?

https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
https://news.ycombinator.com/item?id=16046636


> From: "Daniel Gimpelevich" <daniel at gimpelevich.san-francisco.ca.us>
> Subject: Re: [sf-lug] Intel's Meltdown and Spectre flaws
> Date: Thu, 04 Jan 2018 09:34:29 -0800

> On Thu, 2018-01-04 at 17:24 +0000, acohen36 wrote:
>> Anyone have further thoughts on Meltdown and Spectre?
>> Helpful insights on this from Rick M, Akkana P, and others?
>
> It was my understanding that Meltdown affects only Intel chips, and not
> AMD or ARM, while Spectre is the one that affects all modern processors
> from all three, and there seems to be a bit of confusion as to whether
> it also affects MIPS. Was this incorrect?




More information about the sf-lug mailing list