Skip to main content

Massive Vulnerability Resulting In Meltdown and Specter Attacks

I planned to update Arch every 10 days but since updating some 3 days ago, news of a massive vulnerability in the chip processor all computers use came out. There are two demonstrated attacks called Meltdown and Specter. So let me use the language of the OpenSuse security patch email here to explain what these are.


CVE-2017-5753 / "SpecŧreAttack": Local attackers on systems with modern

     CPUs featuring deep instruction pipelining could use attacker
     controllable speculative execution over code patterns in the Linux
     Kernel to leak content from otherwise not readable memory in the same
     address space, allowing retrieval of passwords, cryptographic keys and
     other secrets.

     This problem is mitigated by adding speculative fencing on affected code
   paths throughout the Linux kernel.


   - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern
     CPUs featuring branch prediction could use mispredicted branches to
     speculatively execute code patterns that in turn could be made to leak
     other non-readable content in the same address space, an attack similar
     to CVE-2017-5753.

     This problem is mitigated by disabling predictive branches, depending
     on CPU architecture either by firmware updates and/or fixes in the
      user-kernel privilege boundaries.

     Please also check with your CPU / Hardware vendor on updated firmware
     or BIOS images regarding this issue.

     As this feature can have a performance impact, it can be disabled using
   the "nospec" kernel commandline option.


   - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern
     CPUs featuring deep instruction pipelining could use code patterns in
     userspace to speculative executive code that would read
     otherwise read protected memory, an attack similar to CVE-2017-5753.

     This problem is mitigated by unmapping the Linux Kernel from the user
   address space during user code execution, following a approach called
   "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation"
   and "PTI" / "Page Table Isolation".

     Note that this is only done on affected platforms.

     This feature can be enabled / disabled by the "pti=[on|off|auto]" or
   "nopti" commandline options.

Linux distros have pushed patches so I'm doing an update today. I'm updating my mirrors first with.

$ reflector --latest 8 --protocol https --sort rate --save /etc/pacman.d/mirrorlist

Then I update my system with --

$ pacman -Syu

I should be receiving the same patch that OpenSuse pushed to their users.

Comments

Popular posts from this blog

Password Issues On Ubuntu Login

I found myself unable to enter my login credentials when prompted to do so in Ubuntu. I think I might have changed it then forget about it. I've been running the current session for more days than I should have. I forget. So what's the solution to my problem. How do I get in to my system now? It involved getting into the grub menu somehow. I am uncertain as to how to do that exactly in your system. So there's a couple of ways to do it (finger's crossed). When booting at system start, use the esc key or the shift key. The first one worked for me. The timing is key. Wait until the bios banner shows then hit the esc key once. I am using Ubuntu 22.04.4 here. I have a current version of grub. The grub menu will give you options and the one you want is: root. Yes you want root privileges to set the root password. It should give you a terminal access where you can issue commands. Type: #mount -rw -o -s remount / ==> this command mounts the filesyste...

New ZFS Pool And the New 4TB Hard Drive

I am using the new pool for my videos and music. Downloading them using my torrent client, transmission. The old pool is raidz2 and now I am using a raidz1 only. But and a big but I gained space of up to 4.5 TB.

2024 So Far

I have a feeling of moving earth or walking off my itchiness. The growing fat in my belly tells me I am failing on many occasions to give in to this urge. My eyes are blurred by morning glory. I remember my father having the same ritual in the morning. After his weak stroke, he couldn't speak much, just a grunt but he would demonstrate with hand how he liked to wash his face. The weather wasn't helping. It's been raining cats and dogs the past week. The province of Rizal was soaked and spilled volumes of water into the bay and Laguna lake. Our Caimito tree was cut to no more than 4 feet from the ground. It was towering above the corrugated sheet metal of our roof. Now it lay horizontal on the yard. I calculated it could be made into a whole table and chairs set by a talented carpenter artist. I showed Lino the two big pieces of trunk that could only be moved if cut by a power saw in place. The road widening project in San Mateo was in the middle stage. One side of the road ...