All Questions
11 questions
4 votes, 1 answer, 5k views
Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?
I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVEs ...
3 votes, 1 answer, 620 views
Do I need microcode update if I update Kernel?
There is a CPU vulnerability Microarchitectural Fill Buffer Data Sampling.
I use a Linux OS and I think to fix Microarchitectural Fill Buffer Data Sampling you need to update intel microcode or ...
1 vote, 0 answers, 218 views
Software mitigation for variant 3a (rogue system register read) and variant 4 (speculative store bypass)
AFAIK, all mitigable meltdown / spectre variants have software mitigation except for variant 3a and 4. Why is this the case?
For variant 4, a straightforward software mitigation is to place lfence ...
2 votes, 1 answer, 1k views
Privacy implications of Intel CPU backdoors [closed]
I didn't follow all the episodes about backdoors in Intel CPUs
What can intelligence or law enforcement agencies potentially do on a computer equipped with a vulnerable Intel CPU (connected to the ...
3 votes, 1 answer, 414 views
How to fix Spectre variant 3a and variant 4?
How I can fix CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'? My status for them is VULNERABLE. I have Intel CPU and using ...
1 vote, 0 answers, 275 views
What Spectre V2 patches fix which vulnerabilities on Linux?
Let's assume I have a computer with a pre-Skylake Intel processor that doesn't have microcode mitigating the Spectre V2 attack. Then to my understanding, if the kernel and all user-space applications ...
2 votes, 1 answer, 701 views
Meltdown and Spectre regarding Firewalls and Sandboxing [duplicate]
I don't deeply understand Meltdown and Spectre -- all I know is that they are basically keylogging-like vulnerabilities within the CPU, which bypass any application layer stuff; correct me if I'm ...
6 votes, 1 answer, 439 views
Why does my unpatched system *appear* to not be vulnerable to Spectre?
Since the corresponding research papers offer quite explicit descriptions publicly, I suppose that publishing my code below is not considered as encouraging or endorsing exploits. Nevertheless, I am ...
14 votes, 1 answer, 839 views
Is anyone seeing a performance decrease after applying recent kernel patch fixing Meltdown and Spectre? [closed]
Our company has a lot of CPU intensive operations on our servers, so the performance decrease is a concern for the organization.
We did the benchmarks, and it seems that performance is almost not ...
5 votes, 1 answer, 848 views
Reducing resolution of timers as mitigation against Meltdown and Spectre
I have read that Firefox' current mitigation against Meltdown and Spectre (from 57.x) consists of the following:
The resolution of performance.now() will be reduced to 20µs.
The ...
4 votes, 1 answer, 3k views
Are Meltdown and Spectre exploitable on 32-bit Linux platforms?
All of the information I've seen thus far on Meltdown and Spectre explicitly reference 64-bit platforms. What about 32-bit (specifically RHEL/CentOS)? I would assume that's also vulnerable but can ...