| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 03 May 2018 18:10:44 +0200 From: Martin Steigerwald <martin@...htvoll.de> To: Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Spectre V2: Eight new security holes in Intel processors Hello. It seems there are eight new security holes alongside the Spectre/ Meltdown CPU design issues: https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html (german language only, only found german language reports refering to the Heise c´t article so far, I did not find any other publically viewable source on this so far) Short summary: - eight new security issues found by various research teams (including Google Project Zero) - GPZ may release one of them at 7th of May after 90 days embargo - Intel considers four of them to be critical - Article authors and editors at Heise consider one to be highly critical. They claim it makes it very easy to circumvent boundaries between different virtual machines or a virtual machine and hypervisor system. I got the impression that the article lacks a lot of details however. They even mention that they are not sharing them yet, in the hope patches will be there before the issues will be disclosed in full. I did not see any patches regarding these new issues on LKML, but they may run under different names. Has the Linux kernel community been informed at all? Well hopefully at least kernel developers working at Intel are working on patches. Thanks, -- Martin
Powered by blists - more mailing lists