I added some details to help flesh out the #Spectre and #Meltdown attacks. CPUs are complicated.
https://www.kb.cert.org/vuls/id/584653
So eBPF itself, and by design, provides a kernel/user bridge, and the leaking that happens solely within kernel space is what results in the P0 impact. Is there a sentence or section in particular within the current vul note that is problematic/misleading?
-
-
the issue in my mind: that apart from vuln researchers, a lot of other people look at KB VU for guidance about the "threat posed". And here we have a case wherein, the 'worst case' is proved. so perhaps a mention will allow ppl to truly gauge the threat?
-
Good point. I've updated the note with a few sentences at the end of the Spectre section, as well as the comparison table.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.