2018-05-23 18:45 GMT+02:00 WK <wkmail@bneit.com>:


On 5/23/2018 7:57 AM, Sandro Bonazzola wrote:


Please note that to fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality.
At this time, microprocessor microcode will be delivered by the individual manufacturers.



Intel has been promising microcode updates since January when Spectre first appeared and yet except for the very newest CPUs we haven't seen anything and in the cases of older CPUs, I wonder if we are ever going to see anything even if Intel has is on their "roadmap"

Can someone shed some light on the vulnerability at this time given we have no microcode update, but all Kernel/Os updates applied, which supposedly handle the original Meltdown and some Spectre Variants.

1) Does the unpatched microcode exploit require "root" permissions?

2) Do the existing libvirt/qemu patches prevent a user "root" or "otherwise" in a VM from snooping on other VMs and/or the host?


Adding Jonathan Masters, author of https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-how-it-works
Maybe he can answer your questions.

 
Sincerely,

-wk

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org



--

SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D

Red Hat EMEA

sbonazzo@redhat.com