What | Removed | Added |
---|---|---|
Status | RESOLVED | REOPENED |
Resolution | WORKSFORME | --- |
Flags | needinfo? | |
You said that 'spec store bypass' and MDS can be mitigated only through a microcode update.

According to this material, which explains that both vulnerabilities are domain-bypass: https://software.intel.com/security-software-guidance/insights/refined-speculative-execution-terminology

"If a vulnerability is described as having domain-bypass impact, then hardware mitigation, microcode patches and/or software changes to the operating system (OS) or virtual machine monitor (VMM) are often required."

Trying to understand what "and/or" may include, I looked at the individual articles for each vulnerability.

This info: https://software.intel.com/security-software-guidance/software-guidance/speculative-store-bypass#mitigation says that:

"Speculative store bypass can be mitigated through software-based approaches including process isolation and selective use of LFENCE."

And for MDS: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling#mitigation

"For processors that are affected, the mitigation for microarchitectural data sampling issues includes overwriting store buffers, fill buffers, and load ports before transitioning to possibly less-privileged code."

which also sounds like a software mitigation.

I would like to kindly ask the experts here to please review this info and consider the possibility of implementing OS-based mitigations, which according to Intel are possible.