Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Hi Stephen,
On Tue, Feb 20, 2018 at 10:09:52AM +0100, Stephan Seitz wrote:
> On Di, Feb 20, 2018 at 05:09:12 +0000, Andy Smith wrote:
> >CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere
> >yet, not even in Linux upstream.
>
> Are you sure?
[…]
> >STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
>
> Kernel is Linux 4.15.4 #1 SMP Sat Feb 17 23:19:56 CET 2018 x86_64, compiled
> myself with gcc 7.3 from testing.
Ah, I think you might be right that the known exploit for Spectre v1
is fixed now.
The commit message¹ speaks of infrastructure for future mitigations,
I think because further exploits are expected to be thought up for
this, but when they do I imagine they will have their own CVE
numbers (and names :)).
Cheers,
Andy
¹ https://lkml.org/lkml/2018/1/20/152
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: