The Spectre/Meltdown naming makes it easy to forget there are in fact *three* distinct vulnerabilities, each requiring separate mitigations. Here’s an overview:https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html …
-
Show this thread
-
Variant 1 enables out-of-bounds memory reads in code that was previously thought to be safe. This vulnerability affects specific sequences within compiled applications, which must be addressed on a per-binary basis (e.g. browser patches).
1 reply 2 retweets 2 likesShow this thread -
Variant 3 is analogous to variant 1, except it enables reading from kernel memory that’s available in the same address space. For Linux, the fix is KPTI (Kernel Page Table Isolation); other operating systems have similar mitigations.
2 replies 2 retweets 1 likeShow this thread
Variant 2 enables variant 1 across protection domains on the same CPU core (e.g. across guest/host mode, CPU rings, or processes). Fixing requires a microcode update from the CPU vendor, or hypervisor software mitigations such as Retpoline.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.