> On 23 May 2018, at 18:45, WK <[email protected]> wrote:
>
> On 5/23/2018 7:57 AM, Sandro Bonazzola wrote:
>>
>> Please note that to fully mitigate this vulnerability, system administrators
>> must apply both hardware “microcode” updates and software patches that
>> enable new functionality.
>> At this time, microprocessor microcode will be delivered by the individual
>> manufacturers.
>
> Intel has been promising microcode updates since January when Spectre first
> appeared and yet except for the very newest CPUs we haven't seen anything and
> in the cases of older CPUs, I wonder if we are ever going to see anything
> even if Intel has it on their “roadmap”

I believe they did release it[1], albeit late. SandyBridge for sure, and *some* Westmere and Nehalem.

> Can someone shed some light on the vulnerability at this time given we have
> no microcode update, but all Kernel/OS updates applied, which supposedly
> handle the original Meltdown and some Spectre Variants.

It requires microcode update as well for optimal performance, though reading [2] the “big hammer” approach could work without it, but I do not believe anyone had run any benchmarks yet.

> 1) Does the unpatched microcode exploit require "root" permissions?
>
> 2) Do the existing libvirt/qemu patches prevent a user "root" or "otherwise"
> in a VM from snooping on other VMs and/or the host?

libvirt/qemu patches are just propagating the new mechanism to guests, they do not implement anything in addition on their own.

About exploitability - not sure at this point, I guess proof of concept implementations will show up soon.

Thanks,
michal

> Sincerely,
>
> -wk

[1] https://downloadcenter.intel.com/download/27776?v=t
[2] https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-how-it-works

