On 23 May 2018, at 18:45, WK <wkmail@bneit.com> wrote:
On 5/23/2018 7:57 AM, Sandro Bonazzola wrote:
Please note that to fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality. At this time, microprocessor microcode will be delivered by the individual manufacturers.
Intel has been promising microcode updates since January when Spectre first appeared and yet except for the very newest CPUs we haven't seen anything and in the cases of older CPUs, I wonder if we are ever going to see anything even if Intel has is on their “roadmap"
I believe they did release it[1], albeit late. SandyBridge for sure, and *some* Westmere and Nehalem.
Can someone shed some light on the vulnerability at this time given we have no microcode update, but all Kernel/Os updates applied, which supposedly handle the original Meltdown and some Spectre Variants.
it requires microcode update as well for optimal performance, though reading [2] the “big hammer” approach could work without it, but I do not believe anyone had run any benchmarks yet.
1) Does the unpatched microcode exploit require "root" permissions?
2) Do the existing libvirt/qemu patches prevent a user "root" or "otherwise" in a VM from snooping on other VMs and/or the host?
libvirt/qemu patches are just propagating the new mechanism to guests, they do not implement anything in addition on their own About exploitability - not sure at this point, I guess a proof of concept implementations will show up soon Thanks, michal
Sincerely,
-wk
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org
[1] https://downloadcenter.intel.com/download/27776?v=t [2] https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-ho...