#OSSummit: Linux Continues to Pay the Price for CPU Hardware Vulnerabilities

#OSSummit: Linux Continues to Pay the Price for CPU Hardware Vulnerabilities

More than a year and a half ago, the world first learned of the Spectre and Meltdown attacks impacting Intel and other CPU vendors. The flood of somewhat related CPU hardware issues has continued since then as operating systems developers, including Linux kernel developers, have raced to keep pace with patching.





In a keynote at the Open Source Summit in San Diego, California on August 22, Greg Kroah-Hartman, who maintains the stable Linux kernel, outlined the many new CPU hardware security challenges that Linux developers have faced in the past year, that extend far beyond just the original Spectre and Meltdown issues.





Back in May 2019, researchers disclosed the MDS set of vulnerabilities impacting Intel and other CPU vendors. The MDS vulnerabilities include multiple specific issues carrying names such as RIDL, Fallout and Zombieload. Kroah-Hartman explained that the MDS issues are yet another class of Spectre and Meltdown related vulnerability found in CPUs.





“All these issues exploit how processors see in the future, so in order to go faster, you have to guess what’s going to happen next,” he explained.





With the MDS vulnerabilities, Kroah-Hartman said that an attacker could potentially read what someone else already did with a CPU and also cross virtual machine boundaries.





“With cloud computing, you’re running untrusted things on different virtual machines and you don’t know who else is running on your machine,” he warned. “This can be a real issue. I can read data from somebody el ..

Support the originator by clicking the read the rest link below.