On Mon, Jan 8, 2018 at 2:59 PM, Marcus Meissner <meissner@suse.de> wrote:
Meltdown affects Intel chips. I think Core 2 for sure, Pentium 4 unclear.
FWIW, there is a Meltdown exploit available for testing.
https://github.com/paboldin/meltdown-exploit
Spectre affects both Intel and AMD chips.
Ran it. Had to recompile it with suggested settings. Got: looking for linux_proc_banner in /proc/kallsyms cached = 70, uncached = 463, threshold 180 read ffffffff81800060 = ff (score=0/1000) read ffffffff81800061 = ff (score=0/1000) read ffffffff81800062 = ff (score=0/1000) read ffffffff81800063 = ff (score=0/1000) read ffffffff81800064 = ff (score=0/1000) read ffffffff81800065 = ff (score=0/1000) read ffffffff81800066 = ff (score=0/1000) read ffffffff81800067 = ff (score=0/1000) read ffffffff81800068 = ff (score=0/1000) read ffffffff81800069 = ff (score=0/1000) read ffffffff8180006a = ff (score=0/1000) read ffffffff8180006b = ff (score=0/1000) read ffffffff8180006c = ff (score=0/1000) read ffffffff8180006d = ff (score=0/1000) read ffffffff8180006e = ff (score=0/1000) read ffffffff8180006f = ff (score=0/1000) NOT VULNERABLE PLEASE POST THIS TO https://github.com/paboldin/meltdown-exploit/issues/22 NOT VULNERABLE ON 3.16.7-53-desktop #1 SMP PREEMPT Fri Dec 2 13:19:28 UTC 2016 (7b4a1f9) x86_64 processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz stepping : 6 microcode : 0xd1 cpu MHz : 2000.000 cache size : 4096 KB physical id : 0 This laptop is still running 13.2/x64. Been lazy. However, it does show not vulnerable, which is encouraging. I do have a more current setup on a Q9000 laptop I will try later.
One thing is that Javascript in Firefox and Chrome was/is able to exploit Meltdown. This makes an attack over the web possible.
(Firefox and Chrome javascript engines had high precision timers available and some form of direct byte buffer access. They want to make the high precission timers less precise.)
Good thing I run NoScript. Maybe this will get sites to reconsider relying on javascript so much(I'm not a fan).
Spectre is only beginning to be understood, it is actually more tricky from a Mitigation point of view.
crap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org