Received: by 10.192.165.148 with SMTP id m20csp2029873imm;
        Thu, 3 May 2018 09:12:26 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZqSSefU2J9A1mlWP7YtlKifbUc0k9h9izfkM0Krc31Mfn9FaAwnfuRWiyKNc+GwYhMJrFye
X-Received: by 2002:a17:902:bd41:: with SMTP id b1-v6mr23984764plx.302.1525363946373;
        Thu, 03 May 2018 09:12:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525363946; cv=none;
        d=google.com; s=arc-20160816;
        b=PX1vX648AF5lv5Rd7ntyJ7uKZOq9RxZi1AjdJypNsmBndIVUyCIaaqoLyYLYtZNCZN
         kLIgIReXBW0fWfqdqxLMi9JTAyukSDwI/0LTaJt1VAKL8gSoMapbvfGlx2Mgu1xnRCdt
         h0u+q1Oy3ErRZj5jJU32meO+CxT+hGgUzRnUoDWFSABGN8aY4FR5p/AEf+a1MqeFeM5e
         N80VD5uM5d5n8boDKdn8QMSZfC0aos5vTZMlDk6ecbQsOjnsocM5HIe+3s+a5c2H06YM
         /ejO28ugZEdJF24WfI4s4rHJ/MPaJpNYOGTzQnJJiVX81lc6EUjPnbM1SXcgkIF02SkM
         Z3rA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:to:from:arc-authentication-results;
        bh=6EhmFAqKaohI049gzatMXqbVHUQiuKPxVXBjY2sOPBk=;
        b=V+ot8dpTabdoYlTU3o/MAfpmXxZrYCFkF5OHcPSoUp05L66Eo/dYu7SY4yfg6M5idA
         PEoSJMPlZy8HguwK+NDC7nyTN/zosBC/hoflG8opIbuAZAbotyzV1vnZ1batYAcXmByN
         1ien2SDBHq6LoWj3BIDzSq54F/erfsTdlEgAnQan7EykHRTc+YJwwkY7PijnHZOVIbF7
         1Zj7p/axT3N+JvazWLXHMjm4ACwreCHeeMlBrIs4c2L6qh59nRiMKb7PzvZmTlDyyZaU
         3RZKcfoptVJ4tBsWDIv+8QziMxVVGUQEelXn+/fTR/tHezRlXqhq3WLWiYb8aRdGS9nt
         dycw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 21si14527573pfy.293.2018.05.03.09.12.12;
        Thu, 03 May 2018 09:12:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751174AbeECQKx convert rfc822-to-8bit (ORCPT
        <rfc822;ereslibre@gmail.com> + 99 others);
        Thu, 3 May 2018 12:10:53 -0400
Received: from mondschein.lichtvoll.de ([194.150.191.11]:39979 "EHLO
        mail.lichtvoll.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751095AbeECQKw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 May 2018 12:10:52 -0400
Authentication-Results: auth=pass smtp.auth=martin smtp.mailfrom=martin@lichtvoll.de
Received: from 127.0.0.1 (localhost [127.0.0.1])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.lichtvoll.de (Postfix) with ESMTPSA id 9B22E30CD77
        for <linux-kernel@vger.kernel.org>; Thu,  3 May 2018 18:10:45 +0200 (CEST)
From:   Martin Steigerwald <martin@lichtvoll.de>
To:     Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Spectre V2: Eight new security holes in Intel processors
Date:   Thu, 03 May 2018 18:10:44 +0200
Message-ID: <4378426.n3xRFAaMNP@merkaba>
MIME-Version: 1.0
Content-Transfer-Encoding: 8BIT
Content-Type: text/plain; charset="iso-8859-1"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello.

It seems there are eight new security holes alongside the Spectre/
Meltdown CPU design issues:

https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html

(german language only, only found german language reports refering to 
the Heise c?t article so far, I did not find any other publically 
viewable source on this so far)

Short summary:

- eight new security issues found by various research teams (including 
Google Project Zero)

- GPZ may release one of them at 7th of May after 90 days embargo

- Intel considers four of them to be critical

- Article authors and editors at Heise consider one to be highly 
critical. They claim it makes it very easy to circumvent boundaries 
between different virtual machines or a virtual machine and hypervisor 
system. I got the impression that the article lacks a lot of details 
however. They even mention that they are not sharing them yet, in the 
hope patches will be there before the issues will be disclosed in full.


I did not see any patches regarding these new issues on LKML, but they 
may run under different names. Has the Linux kernel community been 
informed at all? Well hopefully at least kernel developers working at 
Intel are working on patches.

Thanks,
-- 
Martin