ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Basics of Spectre and Meltdown Video

    Scheduled Pinned Locked Moved News
    spectreintelmeltdowncpuvideo
    20 Posts 6 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ObsolesceO
      Obsolesce @Emad R
      last edited by Obsolesce

      @emad-r said in Basics of Spectre and Meltdown Video:

      especially the ppl that use Ubuntu as KVM server .

      https://www.qemu.org/2018/01/04/spectre/
      https://marc.info/?l=kvm&m=151543506500957&w=2

      1 Reply Last reply Reply Quote 0
      • stacksofplatesS
        stacksofplates @Obsolesce
        last edited by

        @tim_g said in Basics of Spectre and Meltdown Video:

        Spectre is still all theoretical at this point from what I understand, much harder to mitigate and exploit than Meltdown.

        Anyways:

        Fedora - Fixed in FEDORA-2018-8ed5eff2c0 (Fedora 26) and FEDORA-2018-22d5fa8a90 (Fedora 27).
        Update - Wed 10 Jan 2018, 08:00 UTC Fedora has pushed to testing new microcode_ctl packages for F26 and F27. They contain the update to upstream 2.1-15.20180108 and include fix for Spectre.

        https://github.com/hannob/meltdownspectre-patches

        ok? It doesn't matter how difficult it is to leverage. The point was RHEL/CentOS had a fix out in 24 hours. Fedora still doesn't have a fix a week and a half later.

        ObsolesceO 1 Reply Last reply Reply Quote 0
        • ObsolesceO
          Obsolesce @stacksofplates
          last edited by Obsolesce

          @stacksofplates said in Basics of Spectre and Meltdown Video:

          @tim_g said in Basics of Spectre and Meltdown Video:

          Spectre is still all theoretical at this point from what I understand, much harder to mitigate and exploit than Meltdown.

          Anyways:

          Fedora - Fixed in FEDORA-2018-8ed5eff2c0 (Fedora 26) and FEDORA-2018-22d5fa8a90 (Fedora 27).
          Update - Wed 10 Jan 2018, 08:00 UTC Fedora has pushed to testing new microcode_ctl packages for F26 and F27. They contain the update to upstream 2.1-15.20180108 and include fix for Spectre.

          https://github.com/hannob/meltdownspectre-patches

          ok? It doesn't matter how difficult it is to leverage. The point was RHEL/CentOS had a fix out in 24 hours. Fedora still doesn't have a fix a week and a half later.

          Is CentOS is missing the Meltdown microcode fix? (according to your above screenshot)

          stacksofplatesS 1 Reply Last reply Reply Quote 0
          • stacksofplatesS
            stacksofplates @Obsolesce
            last edited by stacksofplates

            @tim_g said in Basics of Spectre and Meltdown Video:

            @stacksofplates said in Basics of Spectre and Meltdown Video:

            @tim_g said in Basics of Spectre and Meltdown Video:

            Spectre is still all theoretical at this point from what I understand, much harder to mitigate and exploit than Meltdown.

            Anyways:

            Fedora - Fixed in FEDORA-2018-8ed5eff2c0 (Fedora 26) and FEDORA-2018-22d5fa8a90 (Fedora 27).
            Update - Wed 10 Jan 2018, 08:00 UTC Fedora has pushed to testing new microcode_ctl packages for F26 and F27. They contain the update to upstream 2.1-15.20180108 and include fix for Spectre.

            https://github.com/hannob/meltdownspectre-patches

            ok? It doesn't matter how difficult it is to leverage. The point was RHEL/CentOS had a fix out in 24 hours. Fedora still doesn't have a fix a week and a half later.

            But CentOS is missing the Meltdown microcode fix? (according to your above screenshot)

            No. Top two images are CentOS. They show variants 1 and 3 are mitigated. The second two images are Fedora. Both show vulnerable for variants 1 and 2. The fourth image is the RHEL check and shows vulnerable for Meltdown but I'm assuming that's because it's a RHEL specific check and it's a kernel the check isn't expecting.

            The first and third image are the non-RHEL created checks. The second and fourth are made by RHEL.

            ObsolesceO 1 Reply Last reply Reply Quote 0
            • ObsolesceO
              Obsolesce @stacksofplates
              last edited by

              @stacksofplates said in Basics of Spectre and Meltdown Video:

              @tim_g said in Basics of Spectre and Meltdown Video:

              @stacksofplates said in Basics of Spectre and Meltdown Video:

              @tim_g said in Basics of Spectre and Meltdown Video:

              Spectre is still all theoretical at this point from what I understand, much harder to mitigate and exploit than Meltdown.

              Anyways:

              Fedora - Fixed in FEDORA-2018-8ed5eff2c0 (Fedora 26) and FEDORA-2018-22d5fa8a90 (Fedora 27).
              Update - Wed 10 Jan 2018, 08:00 UTC Fedora has pushed to testing new microcode_ctl packages for F26 and F27. They contain the update to upstream 2.1-15.20180108 and include fix for Spectre.

              https://github.com/hannob/meltdownspectre-patches

              ok? It doesn't matter how difficult it is to leverage. The point was RHEL/CentOS had a fix out in 24 hours. Fedora still doesn't have a fix a week and a half later.

              But CentOS is missing the Meltdown microcode fix? (according to your above screenshot)

              No. Top two images are CentOS. They show variants 1 and 3 are mitigated. The second two images are Fedora. Both show vulnerable for variants 1 and 2. The second image is the RHEL check and shows vulnerable for Meltdown but I'm assuming that's because it's a RHEL specific check and it's a kernel the check isn't expecting.

              The first and third image are the non-RHEL created checks. The second and fourth are made by RHEL.

              Ahh I see.

              stacksofplatesS 1 Reply Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce
                last edited by

                And so we wait on Fedora...

                https://docs.ovh.com/fr/dedicated/meltdown-spectre-kernel-update-per-operating-system/

                1 Reply Last reply Reply Quote 0
                • stacksofplatesS
                  stacksofplates @Obsolesce
                  last edited by

                  @tim_g said in Basics of Spectre and Meltdown Video:

                  @stacksofplates said in Basics of Spectre and Meltdown Video:

                  @tim_g said in Basics of Spectre and Meltdown Video:

                  @stacksofplates said in Basics of Spectre and Meltdown Video:

                  @tim_g said in Basics of Spectre and Meltdown Video:

                  Spectre is still all theoretical at this point from what I understand, much harder to mitigate and exploit than Meltdown.

                  Anyways:

                  Fedora - Fixed in FEDORA-2018-8ed5eff2c0 (Fedora 26) and FEDORA-2018-22d5fa8a90 (Fedora 27).
                  Update - Wed 10 Jan 2018, 08:00 UTC Fedora has pushed to testing new microcode_ctl packages for F26 and F27. They contain the update to upstream 2.1-15.20180108 and include fix for Spectre.

                  https://github.com/hannob/meltdownspectre-patches

                  ok? It doesn't matter how difficult it is to leverage. The point was RHEL/CentOS had a fix out in 24 hours. Fedora still doesn't have a fix a week and a half later.

                  But CentOS is missing the Meltdown microcode fix? (according to your above screenshot)

                  No. Top two images are CentOS. They show variants 1 and 3 are mitigated. The second two images are Fedora. Both show vulnerable for variants 1 and 2. The second image is the RHEL check and shows vulnerable for Meltdown but I'm assuming that's because it's a RHEL specific check and it's a kernel the check isn't expecting.

                  The first and third image are the non-RHEL created checks. The second and fourth are made by RHEL.

                  Ahh I see.

                  Ya that's just an assumption I'm making about the RHEL check because the other shows it's patched. And I had to edit the script and comment out the function that checks if it's anything other than RHEL/CentOS.

                  1 Reply Last reply Reply Quote 0
                  • dafyreD
                    dafyre
                    last edited by

                    I'm not too terribly worried about this. I get the concern, and when patches come out, they will definitely get applied. But until there's some remotely exploitable POC stuff out there, it's not going to be too damaging before then, IMO.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @dafyre
                      last edited by

                      @dafyre said in Basics of Spectre and Meltdown Video:

                      I'm not too terribly worried about this. I get the concern, and when patches come out, they will definitely get applied. But until there's some remotely exploitable POC stuff out there, it's not going to be too damaging before then, IMO.

                      And especially not if you are on your own servers (not shared) or not on Intel, etc. Lots of people affected, a lot of people not so much.

                      stacksofplatesS 1 Reply Last reply Reply Quote 0
                      • stacksofplatesS
                        stacksofplates @scottalanmiller
                        last edited by

                        @scottalanmiller said in Basics of Spectre and Meltdown Video:

                        or not on Intel,

                        Spectre is everyone. So my point still stands here.

                        1 Reply Last reply Reply Quote 0
                        • 1 / 1
                        • First post
                          Last post