It might be senility or I suddenly can not understand English, so I will just copy and paste here..

The bounds check bypass has also been shown to read kernel memory on Intel and AMD processors. Importantly, this does not work on AMD processors in default configurations. The proof-of-concept requires BPF JIT to be manually enabled in the Linux kernel for AMD processors. (It is not, by default.) The tested Intel processor was vulnerable independent of the BPF JIT setting.

https://www.techrepublic.com/article/massive-intel-cpu-flaw-understanding-the-technical-details-of-meltdown-and-spectre/


And this is from the goobles zero study directly:

A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU.

And yep, the variant one is -> Variant 1: bounds check bypass (CVE-2017-5753)

That is the only one exploit AMD says it can represent a problem for their CPUs, meltdown does not affect it due to architecture differences and the second variant according to AMD has "near zero risk of exploitation".

If so, I am a happy guy :)
Well, in each case it would appear that exploiting spectre is quite tough and to my understanding nowhere near as grave as meltdown.

Imagine how nice must it be to have a ready cross-platform exploit for every single Intel CPU ever made for 20 years.. Not that I wish to imply that Intel did this on purpose or to gain single core performance advantage over AMD. :P


Reply via email to