lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4378426.n3xRFAaMNP@merkaba>
Date:   Thu, 03 May 2018 18:10:44 +0200
From:   Martin Steigerwald <martin@...htvoll.de>
To:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Spectre V2: Eight new security holes in Intel processors

Hello.

It seems there are eight new security holes alongside the Spectre/
Meltdown CPU design issues:

https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html

(german language only, only found german language reports refering to 
the Heise c´t article so far, I did not find any other publically 
viewable source on this so far)

Short summary:

- eight new security issues found by various research teams (including 
Google Project Zero)

- GPZ may release one of them at 7th of May after 90 days embargo

- Intel considers four of them to be critical

- Article authors and editors at Heise consider one to be highly 
critical. They claim it makes it very easy to circumvent boundaries 
between different virtual machines or a virtual machine and hypervisor 
system. I got the impression that the article lacks a lot of details 
however. They even mention that they are not sharing them yet, in the 
hope patches will be there before the issues will be disclosed in full.


I did not see any patches regarding these new issues on LKML, but they 
may run under different names. Has the Linux kernel community been 
informed at all? Well hopefully at least kernel developers working at 
Intel are working on patches.

Thanks,
-- 
Martin


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ