2018-05-03 16:12:26

by Martin Steigerwald

[permalink] [raw]
Subject: Spectre V2: Eight new security holes in Intel processors

Hello.

It seems there are eight new security holes alongside the Spectre/
Meltdown CPU design issues:

https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html

(german language only, only found german language reports refering to
the Heise c?t article so far, I did not find any other publically
viewable source on this so far)

Short summary:

- eight new security issues found by various research teams (including
Google Project Zero)

- GPZ may release one of them at 7th of May after 90 days embargo

- Intel considers four of them to be critical

- Article authors and editors at Heise consider one to be highly
critical. They claim it makes it very easy to circumvent boundaries
between different virtual machines or a virtual machine and hypervisor
system. I got the impression that the article lacks a lot of details
however. They even mention that they are not sharing them yet, in the
hope patches will be there before the issues will be disclosed in full.


I did not see any patches regarding these new issues on LKML, but they
may run under different names. Has the Linux kernel community been
informed at all? Well hopefully at least kernel developers working at
Intel are working on patches.

Thanks,
--
Martin