Quote:
Originariamente inviato da Mister D
(Messaggio 45280202)
Ma sei sicuro di questo?
Perché io ho capito diversamente:
http://www.theregister.co.uk/2018/01...vulnerability/
" On Wednesday, following research by a sizable collection of boffins, details of three closely related vulnerabilities involving the abuse of speculative execution in modern CPUs were made public:
CVE-2017-5753: Known as Variant 1, a bounds check bypass
CVE-2017-5715: Known as Variant 2, branch target injection
CVE-2017-5754: Known as Variant 3, rogue data cache load
These have been helpfully grouped into two logo'd and branded vulnerabilities: Meltdown (Variants 1 and 2), and Spectre (Variant 3). Both links go to a website with the full technical papers detailing the attacks if you want to see in gory detail how they work."
E se vedi il comunicato AMD sembra che loro dicano di essere affetti solo dalla 1:
https://www.amd.com/en/corporate/speculative-execution
Anche se poi l'articolo di theregister continua dicendo che per Meltdown nessun processore AMD ne è affetto (e quindi si contraddice) e che invece AMD insiste a dire che è affetto dalla variante 2 di Spectre???? Ma non si era detto che la variante 1 e 2 erano Meltdown???
" AMD insists its processors are practically immune to Variant 2 Spectre attacks. As for Variant 1, you'll have to wait for microcode updates or recompile your software with forthcoming countermeasures described in the technical paper on the Spectre website."
|
The Register non dice quanto riporti, probabilmente lo hanno corretto...
in Wednesday, following research by a sizable collection of boffins, details of three closely related vulnerabilities involving the abuse of speculative execution in modern CPUs were made public:
CVE-2017-5753: Known as Variant 1, a bounds check bypass
CVE-2017-5715: Known as Variant 2, branch target injection
CVE-2017-5754: Known as Variant 3, rogue data cache load
These have been helpfully grouped into two logo'd and branded vulnerabilities:
Meltdown (Variant 3), and Spectre (Variants 1 and 2). Both links go to a website with the full technical papers detailing the attacks if you want to see in gory detail how they work.
Here's a summary of the two branded bugs:
Meltdown che è il 5754:
https://en.wikipedia.org/wiki/Meltdo...vulnerability)
This is the big bug reported on Tuesday.
Meltdown does not affect any AMD processors. Confermato anche dal test che propone Microsoft...
Googlers confirmed an Intel Haswell Xeon CPU would allow a normal user program to read kernel memory.
It was discovered and reported by three independent teams: Jann Horn (Google Project Zero); Werner Haas, Thomas Prescher (Cyberus Technology); and Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology).
X quanto riguarda Spectre:
AMD insists its processors are practically immune to Variant 2 Spectre attacks. As for Variant 1, you'll have to wait for microcode updates or recompile your software with forthcoming countermeasures described in the technical paper on the Spectre website.