Vulnerabilities such as Meltdown and Spectre
Vulnerabilities such as Meltdown and Spectre are not specifically Linux issues, however they could have a dire effect on Linux machines. I was very surprised to hear that these vulnerabilities could possibly exploit chips that are nearly 20 years old.
It appears to me that developers have the issue with Meltdown well in hand, however I am a bit unclear on Spectre. For my fellow Fedora users, the Fedora Magazine addressed the issue today at: https://fedoramagazine.org/protect-f...stem-meltdown/ |
Should be merged with my topic
https://www.linuxquestions.org/quest...ug-4175620852/ only google named it that way. When I had read about it there was no name for it yet. It seems a very old issue which google just now named it for the public I also saw the slackware guys here are also discussing about it already in their slackware area |
News for Ubuntu
Dustin Kirkland of Canonical has posted updates about Meltdown and Spectre. Included in his post is the following:
"Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible." His post is at: http://blog.dustinkirkland.com/2018/...n-spectre.html |
Hi cylants,
https://meltdownattack.com/#faq-cve-spectre https://googleprojectzero.blogspot.i...with-side.html Redhat has been reported with below mentioned CVE . You can track official Redhat updates on below LINK https://access.redhat.com/security/cve/cve-2017-5753 https://access.redhat.com/security/cve/cve-2017-5715 https://access.redhat.com/security/cve/cve-2017-5754 |
overall, we are applying compensating controls, not fixing the actual issue.
the issue is at the CPU level. the "fixes" are above that. Intel and the like will need to re-die stuff to make this issue go away. |
This is what happens to un-patched systems. https://www.youtube.com/watch?v=DOxBMzSuk4g
|
CAN perhaps happen now that the vulnerabilities that have been around for "twenty years" have ben publicised for bad hackers to use.
Up to now, no one has reported a single case of anyone taking advantage of the flaw, which, quite honestly, was know and ignored by chip designers for speed reasons, since the flaw was rarely to occur in unforced circumstances. |
Linus Torvalds' Response
This recent email list really points out the failings of Intel. http://lkml.iu.edu/hypermail/linux/k...1.2/04628.html
|
All times are GMT -5. The time now is 03:25 PM. |