http://bugzilla.suse.com/show_bug.cgi?id=1163120
http://bugzilla.suse.com/show_bug.cgi?id=1163120#c15
Suse User changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WORKSFORME |---
Flags| |needinfo?
--- Comment #15 from Suse User ---
You said that 'spec store bypass' and MDS can be mitigated only through
microcode update.
According to this material which explains that both vulnerabilities are
domain-bypass:
https://software.intel.com/security-software-guidance/insights/refined-specu...
"If a vulnerability is described as having domain-bypass impact, then hardware
mitigation, microcode patches and/or software changes to the operating system
(OS) or virtual machine monitor (VMM) are often required."
Trying to understand what "and/or" may include I looked at the individual
articles for each vulnerability.
This info:
https://software.intel.com/security-software-guidance/software-guidance/spec...
says that:
"Speculative store bypass can be mitigated through software-based approaches
including process isolation and selective use of LFENCE."
And for MDS:
https://software.intel.com/security-software-guidance/software-guidance/micr...
"For processors that are affected, the mitigation for microarchitectural data
sampling issues includes overwriting store buffers, fill buffers, and load
ports before transitioning to possibly less-privileged code."
which also sounds like a software mitigation.
I would like to kindly ask the experts here to please review this info and
consider the possibility of implementing OS based mitigations which according
to Intel are possible.
--
You are receiving this mail because:
You are on the CC list for the bug.