Project Zero blog: "A cache invalidation bug in Linux memory management" by @tehjh -- https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html …
-
-
One thing I'm pretty sure of at this point: I don't think this is a problem that security researchers should attempt to fix unilaterally through their own ad-hoc coordination attempts.
-
Coalescing around linux-distros@ seems like a reasonable place to start, but upstream/distros would ideally agree on a consistent process around how we should utilize the list, and then we can go from there.
-
Good points, thanks Ben. +1 on not expecting researchers to solve this, was just curious on your thoughts :) Lots of tricky parts here, from fixes not always being tagged security to turnaround time for distro updates. End-users could be looking at new kernel updates dailly...
-
just as a data point on how another project handles related things: the Xen project published https://lists.xenproject.org/archives/html/xen-devel/2018-05/pdfUjsyxzF0CK.pdf … this year, with information on their handling of security patch batching in section 1.1
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.