On Wed, 2018-01-03 at 17:48 -0800, Adam Williamson wrote: > > This is certainly not correct. Both the Google researchers and Red > Hat's security team have stated that many other CPUs and CPU families > are affected. ARM has already released a statement acknowledging that > several of their CPUs, including ones very widely used in smartphones > etc., are affected. > > The initial reporting that only Intel CPUs were affected was entirely > wrong. Just to reinforce this, Google's researcher's report: "A PoC that demonstrates the basic principles behind variant 1 in userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the AMD PRO CPU and an ARM Cortex A57 [2]. This PoC only tests for the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries. ... A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU." - https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html ARM's disclosure is here: https://developer.arm.com/support/security-update Note that the affected families are most of the ones you're actually likely to care about: the assertion that "The majority of Arm processors are not impacted" is severely misleading, as "the majority of Arm processors" aren't used in applications which would really be subject to attack in this manner. The affected processor families include, by my reading, virtually all ARM processor families used in modern smartphones, tablets and so on (the Cortex-A* families). Red Hat's response is here: https://access.redhat.com/security/vulnerabilities/speculativeexecution and is the first relatively authoritative source to state that System Z (s390) and POWER8 / POWER9 (ppc64) are affected, but this is certainly an accurate statement. By my reading, the basic problematic behaviour here is something virtually all modern CPUs do. Researchers have so far got furthest along in developing practical exploits against Intel CPUs, but it seems extremely unlikely to me that this means AMD CPUs are somehow immune to the problem just because researchers haven't yet managed to get an exploit that crosses a process boundary working on AMD *yet*. Indeed, Google's research demonstrates they certainly *aren't* immune to the basic problem. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
