The Spectre/Meltdown naming makes it easy to forget there are in fact *three* distinct vulnerabilities, each requiring separate mitigations. Here’s an overview:https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html …
-
-
Variant 3 is analogous to variant 1, except it enables reading from kernel memory that’s available in the same address space. For Linux, the fix is KPTI (Kernel Page Table Isolation); other operating systems have similar mitigations.
Show this thread -
Variant 2 enables variant 1 across protection domains on the same CPU core (e.g. across guest/host mode, CPU rings, or processes). Fixing requires a microcode update from the CPU vendor, or hypervisor software mitigations such as Retpoline.
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.