Intel hardware bug
C Bergström
cbergstrom at pathscale.com
Fri Jan 5 14:55:36 UTC 2018
On Fri, Jan 5, 2018 at 8:42 PM, Eric McCorkle <eric at metricspace.net> wrote:
> On 01/05/2018 05:07, Jules Gilbert wrote:
> > Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
> > no one!, has in the past, or will in the future be able to exploit this
> > to actually do something not nice.
>
> Attacks have already been demonstrated, pulling secrets out of kernel
> space with meltdown and http headers/passwords out of a browser with
> spectre. Javascript PoCs are already in existence, and we can expect
> them to find their way into adware-based malware within a week or two.
>
> Also, I'd be willing to bet you a year's rent that certain three-letter
> organizations have known about and used this for some time.
>
> > So what is this, really?, it's a market exploit opportunity for AMD.
>
> Don't bet on it. There's reports of AMD vulnerabilities, also for ARM.
> I doubt any major architecture is going to make it out unscathed. (But
> if one does, my money's on Power)
>
Nope, the only arch that I'm aware of that gets past this is SPARC(hah!)
due to the seperate userland and kernel memory virtualization.
More information about the freebsd-arch
mailing list