Hi Stephen, On Tue, Feb 20, 2018 at 10:09:52AM +0100, Stephan Seitz wrote: > On Di, Feb 20, 2018 at 05:09:12 +0000, Andy Smith wrote: > >CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere > >yet, not even in Linux upstream. > > Are you sure?
[…] > >STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization) > > Kernel is Linux 4.15.4 #1 SMP Sat Feb 17 23:19:56 CET 2018 x86_64, compiled > myself with gcc 7.3 from testing. Ah, I think you might be right that the known exploit for Spectre v1 is fixed now. The commit message¹ speaks of infrastructure for future mitigations, I think because further exploits are expected to be thought up for this, but when they do I imagine they will have their own CVE numbers (and names :)). Cheers, Andy ¹ https://lkml.org/lkml/2018/1/20/152 -- https://bitfolk.com/ -- No-nonsense VPS hosting
