Comment # 9 on bug 1163120 from
> - Why are L1TF and Meltdown not mitigated in kernel-default but only in
>   kernel-pae?

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61a6bd83abf2f14b2a917b6a0279c88d299267af

> - Is it possible to mitigate MDS and 'Spec store bypass' through kernel
>   or only through microcode?

As previously stated, only through microcode update.

> - Can L1TF, MDS or 'Spec store bypass' be exploited through web
>   JavaScript, like shown in the video/papers?

L1TF:
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html#mitigation-selection-guide
MDS:
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#attack-scenarios
SSB:
https://software.intel.com/security-software-guidance/software-guidance/speculative-store-bypass

> https://lkml.org/lkml/2019/12/8/205

The section "Process Isolation" here

https://software.intel.com/security-software-guidance/software-guidance/speculative-store-bypass

kinda explains what you need to do.

The section "Web-Browsers" here

https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#attack-scenarios

says that MDS exploitation through JS is highly-unlikely.

The section "Mitigation selection guide" here

https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html#mitigation-selection-guide

says that if you don't use virtualization, the system is protected, as I
already pointed out previously.

And that's all the answers I can give you: I cannot tell you just by
describing what you do whether what you do is absolutely secure. Maybe,
maybe not. I also cannot tell you how likely a "highly-unlikely"
exploitation is. I don't think anyone would give you guarantees here.

What I can tell you is that we do our best to have the kernel up-to-date
and contain the latest mitigations.

I sincerely hope that helps.

