Lee wrote:
I've got a Dell, so I started here:
https://www.dell.com/support/article/us/en/19/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en

Apply the update, do the PowerShell bit:

PS C:\temp\2do\SpeculationControl> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

BTIHardwarePresent             : True
BTIWindowsSupportPresent       : True
BTIWindowsSupportEnabled       : True
BTIDisabledBySystemPolicy      : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired              : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled           : True

everything looks good .. except the POC still works :(

C:\cygwin\home\Lee\t>spectre.exe
Reading 40 bytes:
Reading at malicious_x = 00000FE4... Success: 0x54='T' score=2
Reading at malicious_x = 00000FE5... Success: 0x68='h' score=2
Reading at malicious_x = 00000FE6... Success: 0x65='e' score=7 (second best: 0x01 score=1)
Reading at malicious_x = 00000FE7... Success: 0x20=' ' score=2
<.. snip ..>
Reading at malicious_x = 00001008... Success: 0x61='a' score=2
Reading at malicious_x = 00001009... Success: 0x67='g' score=2
Reading at malicious_x = 0000100A... Success: 0x65='e' score=2
Reading at malicious_x = 0000100B... Success: 0x2E='.' score=2

*sigh* latest OS update + latest BIOS update + latest CPU microcode and the proof of concept exploit still works.
Don't the OS kernel / BIOS / CPU updates just mitigate against Meltdown, preventing applications (executing in ring3) from inferring content of kernel memory (in ring0)?
As I understand it, I think Spectre requires workarounds in each application (or a fundamental change to CPU hardware to do something like somehow roll back the cache content along with other processor state when discarding speculatively executed instructions). Unless you patch the PoC code to mitigate Spectre, it will still demonstrate a successful attack.
-- Mark.

_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
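An added example, not part of the thread above: a small Python checker that parses the property block Get-SpeculationControlSettings prints (the sample below is copied from Lee's output, not live data) and turns it into a per-CVE verdict. It makes the point Mark raises explicit: the cmdlet only reports the system-wide mitigations for CVE-2017-5715 and CVE-2017-5754, while the bounds-check-bypass variant (CVE-2017-5753) that the published spectre.c PoC exercises has no system-wide switch and is not covered by this output at all. The property names are those on the page; the verdict strings are my own.

```python
"""Parse Get-SpeculationControlSettings property output and judge each CVE."""
import re

# Constructed sample: the property block from the post above (not live output).
SAMPLE = """
BTIHardwarePresent             : True
BTIWindowsSupportPresent       : True
BTIWindowsSupportEnabled       : True
BTIDisabledBySystemPolicy      : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired              : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled           : True
"""

# One property per line: "<Name> : True|False" (the multi-word summary lines do not match).
LINE = re.compile(r"^\s*(\w+)\s*:\s*(True|False)\s*$")


def parse_settings(text):
    """Return {property_name: bool} for every matching line in the cmdlet output."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = (m.group(2) == "True")
    return settings


def assess(s):
    """Map each CVE to a verdict string (hypothetical wording, not the cmdlet's)."""
    verdict = {}
    # CVE-2017-5715 (branch target injection): microcode + OS support + enabled.
    if s.get("BTIWindowsSupportEnabled"):
        verdict["CVE-2017-5715"] = "mitigated"
    elif not s.get("BTIHardwarePresent"):
        verdict["CVE-2017-5715"] = "not mitigated: no microcode support"
    elif s.get("BTIDisabledBySystemPolicy"):
        verdict["CVE-2017-5715"] = "not mitigated: disabled by policy"
    else:
        verdict["CVE-2017-5715"] = "not mitigated: OS support missing or disabled"
    # CVE-2017-5754 (rogue data cache load, Meltdown): kernel VA shadowing.
    if not s.get("KVAShadowRequired", True):
        verdict["CVE-2017-5754"] = "not required"
    elif s.get("KVAShadowWindowsSupportEnabled"):
        verdict["CVE-2017-5754"] = "mitigated"
    else:
        verdict["CVE-2017-5754"] = "not mitigated: kernel VA shadow not enabled"
    # CVE-2017-5753 (bounds check bypass): per-application fix, no system-wide flag.
    verdict["CVE-2017-5753"] = "not reported by this cmdlet"
    return verdict


if __name__ == "__main__":
    for cve, state in assess(parse_settings(SAMPLE)).items():
        print(cve, "->", state)
```

Run against Lee's output it reports both system-wide mitigations as in force and CVE-2017-5753 as simply not reported, which is why a fully green cmdlet result and a working variant-1 PoC are not in contradiction.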

