On 23 May 2018, at 18:45, WK <wkmail(a)bneit.com> wrote:
On 5/23/2018 7:57 AM, Sandro Bonazzola wrote:
> Please note that to fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality.
> At this time, microprocessor microcode will be delivered by the individual manufacturers.
Intel has been promising microcode updates since January when Spectre first appeared, and yet except for the very newest CPUs we haven't seen anything, and in the case of older CPUs, I wonder if we are ever going to see anything even if Intel has it on their “roadmap”.
I believe they did release it[1], albeit late. SandyBridge for sure, and *some* Westmere
and Nehalem.
Can someone shed some light on the vulnerability at this time, given we have no microcode update but all kernel/OS updates applied, which supposedly handle the original Meltdown and some Spectre variants?
It requires a microcode update as well for optimal performance, though reading [2], the “big hammer” approach could work without it, but I do not believe anyone has run any benchmarks yet.
1) Does the unpatched microcode exploit require "root" permissions?
2) Do the existing libvirt/qemu patches prevent a user "root" or
"otherwise" in a VM from snooping on other VMs and/or the host?
libvirt/qemu patches are just propagating the new mechanism to guests; they do not implement anything in addition on their own.
About exploitability - not sure at this point, I guess proof-of-concept implementations will show up soon.
Thanks,
michal
Sincerely,
-wk
[1] https://downloadcenter.intel.com/download/27776?v=t
[2] https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it...