Comment # 11 on bug 1163120 from Borislav Petkov

(In reply to Suse User from comment #10)
> Thank you for this info.
> 
> From the answers I understand it is a very complex field in which definitive
> answers cannot be given. I guess that although some things may be "highly
> unlikely" it is still a good idea to keep any technology which allows
> downloading and running unverified/utrusted code disabled by default (be it
> web JS, WASM or anything else).

You can always get a newer CPU for which there is microcode or get an AMD
machine which is affected by less issues:

/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation:
Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs
barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD
retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected

> I hope RISC-V will change the world of computers. ;)

I wouldn't put my hopes up. I'm pretty sure they'll screw it up in their own
way. :-)

Ok, we're done here, closing.