Intel hardware bug
Freddie Cash
fjwcash at gmail.com
Sat Jan 6 21:37:21 UTC 2018
On Jan 6, 2018 11:55 AM, "John-Mark Gurney" <jmg at funkthat.com> wrote:
Freddie Cash wrote this message on Fri, Jan 05, 2018 at 11:53 -0800:
> Spectre (aka CVE-2017-5715 and CVE-2017-5753) is the issue that affects
all
> CPUs (Intel, AMD, ARM, IBM, Oracle, etc) and allows userland processes to
> read memory assigned to other userland processes (but does NOT give access
> to kernel memory).
No, Spectre does not allow one userland process to read another userland
process's memory.. It allows an attacker to read any memory within the
same process.
That's variant 1 of Spectre.
Variant 2 crosses process boundaries. It's the one that has VM hosting
systems worried as a process running in VM1 can read memory assigned to VM2.
Cheers,
Freddie
More information about the freebsd-security
mailing list