[lfs-dev] And this week's CPU vulnerability is ...

Ken Moffat zarniwhoop at ntlworld.com
Wed Aug 7 12:11:43 PDT 2019


On Wed, Aug 07, 2019 at 04:00:52AM +0100, Ken Moffat via lfs-dev wrote:
> News sites are now filling up with reports of the 'SWAPGS'
> vulnerability, CVE-2019-1125, disclosed on Tuesday.
> 
> Apparently, it affects all intels since Ivy Bridge, and (possibly)
> AMD - people who found it (Bitdefender.com) were unable to exploit it
> on AMD Fam15 or Fam16 and AMD suggest it will be very hard to
> exploit.  Specifically, AMD suggest they are only vulnerable to
> Scenario 2, Variant 2 of the possible series of attacks, and that
> existing mitigations for Spectre v1 will prevent this.
> 
> https://www.amd.com/en/corporate/product-security/
> 
> But I don't have a link to the various scenarios, and the CVE is
> still labelled as 'reserved'.
> 
> If google is linking two and two together to make four (which would
> be a change!), kernels 5.2.7, 4.19.65, etc might have the
> mitigations.
> 
In fact, linus merged the fixes for this "Grand Schemozzle"
yesterday.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4368c4bc9d36821690d6bb2e743d5a075b6ddb55

But it IS in 5.2.7 (confirmed by looking at the diffstat at
kernel.org).  Probably only of real concern to anyone providing
hosting or VMs on intel - according to phoronix, the kernel does not
apply the new mitigations to AMD hardware.

ĸen
-- 
Adopted by dwarfs, brought up by dwarfs.  To dwarfs I'm a dwarf, sir.
I can do the rite of k'zakra, I know the secrets of h'ragna, I can
ha'lk my g'rakha correctly ... I am a dwarf
           Captain Carrot Ironfoundersson (in The Fifth Elephant)


More information about the lfs-dev mailing list