Announcement

Collapse
No announcement yet.

Linux Kernel Gets Patch For New SpectreRSB Vulnerability

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux Kernel Gets Patch For New SpectreRSB Vulnerability

    Phoronix: Linux Kernel Gets Patch For New SpectreRSB Vulnerability

    Earlier this week SpectreRSB was revealed by University of California researchers as a new Spectre V2 like attack affecting modern processors. A Linux kernel patch is in the works for starting to mitigate SpectreRSB...

    http://www.phoronix.com/scan.php?pag...SB-Linux-Patch

  • #2
    I take it AMD CPUs are not affected?

    Comment


    • #3
      Originally posted by dimko View Post
      I take it AMD CPUs are not affected?
      Not tested so it's unknown. They tested only Intel CPUs.

      Comment


      • #4
        It's amazing that Linux with the most complete Meltdown/SpectreVx mitigation completely destroys Windows and FreeBSD in performance.

        Comment


        • #5
          Originally posted by Pawlerson View Post
          It's amazing that Linux with the most complete Meltdown/SpectreVx mitigation completely destroys Windows and FreeBSD in performance.
          They have mitigations too, though..?

          Comment


          • #6
            Originally posted by starshipeleven View Post
            Not tested so it's unknown. They tested only Intel CPUs.
            There is no official information, but unofficially for AMD it is mitigated, yet

            Spectre Mitigation Update


            7/13/18

            This week, a sub-variant of the original, Google Project (GPZ) variant 1 / Spectre security vulnerability was disclosed by MIT. Consistent with variant 1, we believe this threat can be mitigated through the operating system (OS). AMD is working with the software ecosystem to mitigate variant 1.1 through operating system updates where necessary. We have not identified any AMD x86 products susceptible to the Variant 1.2 vulnerability in our analysis to-date. Please check with your OS provider for the latest information.
            form
            https://www.amd.com/en/corporate/security-updates


            Updated to add

            AMD also says current side-channel mitigations kill SpectreRSB dead. A spokesperson told us:
            AMD is aware of a new research paper on processor speculation and a proposed vulnerability in the return stack buffer. AMD believes its recommended Indirect Branch Prediction Barrier (IBPB) setting mitigates against the described vulnerability. As stated in this AMD Whitepaper, when IBPB is set in software for context switching, the processor enforces that older indirect branches cannot influence predictions of indirect branches in the future, we believe thereby effectively mitigating against the described vulnerability.
            form
            https://www.theregister.co.uk/2018/0..._stack_buffer/

            Comment


            • #7
              Originally posted by Pawlerson View Post
              It's amazing that Linux with the most complete Meltdown/SpectreVx mitigation completely destroys Windows and FreeBSD in performance.
              Depends on your use case. They all have different sets of features which yields different performance for different loads. You pick whichever performs best for you.

              Comment


              • #8
                Are there any actual examples in the wild of anyone getting compromised via any of these vulnerabilities?

                Or is this simply the new performance tax we all have to pay for running a computer? Keeping in mind that performance taxes will cost you real money.
                Last edited by andyprough; 07-26-2018, 11:28 AM.

                Comment


                • #9
                  Well the Saarland University detected this vulnerability independently and contacted Intel, AMD, ARM, Mozilla, Google, Apple, Microsoft and Red Hat in April. Intel validated this vulnerability, while AMD and ARM acknowledged this vulnerability, but there is no evidence that they are affected.

                  Comment


                  • #10
                    spectre , electric boogaloo

                    Comment

                    Working...
                    X