Intel hardware bug
Jan Knepper
jan at digitaldaemon.com
Fri Jan 5 20:20:18 UTC 2018
Thank you!
The news indeed does not properly understand the difference, nor which
problem affects which hardware/CPU and in many ways acts like it is "the
end of the world".
On 01/05/2018 14:53, Freddie Cash wrote:
> On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert at cschubert.com>
> wrote:
>
>> According to a Red Hat announcement, Power and Series z are also
>> vulnerable.
>>
>>
> There's a lot of confusion in the media, press releases, and announcements
> due to conflating Spectre and Meltdown.
>
> Meltdown (aka CVE-2017-5754) is the issue that affects virtually all Intel
> CPUs and specific ARM Cortex-A CPUs. This allows read-access to kernel
> memory from unprivileged processes (ring 3 apps get read access to ring 0
> memory). IBM POWER, Oracle Sparc, and AMD Zen are not affected by this
> issue as they provide proper separation between kernel memory maps and
> userland memory maps; or they aren't OoO architectures that use speculative
> execution in this manner.
>
> Spectre (aka CVE-2017-5715 and CVE-2017-5753) is the issue that affects all
> CPUs (Intel, AMD, ARM, IBM, Oracle, etc) and allows userland processes to
> read memory assigned to other userland processes (but does NOT give access
> to kernel memory).
>
> IOW, POWER and Sparc are vulnerable to Spectre, but not vulnerable to
> Meltdown.
>
More information about the freebsd-arch
mailing list