I added some details to help flesh out the #Spectre and #Meltdown attacks. CPUs are complicated.
https://www.kb.cert.org/vuls/id/584653
I considered it, but I'd like to avoid conflating the issues at hand. Once you start considering the aspects of vulnerability chaining, things like impact get murky very quickly. The eBPF JIT engine provides a mechanism for userspace to be able to execute some code in the kernel
So eBPF itself, and by design, provides a kernel/user bridge, and the leaking that happens solely within kernel space is what results in the P0 impact. Is there a sentence or section in particular within the current vul note that is problematic/misleading?
The issue in my mind: apart from vuln researchers, a lot of other people look at KB VU for guidance about the "threat posed". And here we have a case wherein the 'worst case' is proved. So perhaps a mention will allow people to truly gauge the threat?
Yeah... I see where you are going & I would 100% agree only if the use of eBPF JIT can be called "vulnerability chaining" ;)