On Wed, 2018-01-03 at 22:14 -0800, Adam Williamson wrote: > On Wed, 2018-01-03 at 21:49 -0700, Brendan Conoboy wrote: > > This is probably where the "AMD is safe" rumor started, but that is > > only 1/3, maybe 2/3. Now that the context is public let's be clear: > > even AMD processors are vulnerable without the patched kernel Adam has > > asked for help testing. > > AIUI, the kernel update released today only addresses one of the known > vuln variants - CVE-2017-5754 , or "Meltdown". It does not address CVE- > 2017-5753 or CVE-2017-5715.
Sorry, forgot to complete this paragraph: ...therefore, even installing the update is not really a complete solution. However, the variant it addresses is the one which appears to be most immediately weaponizable. Google's PoC for that variant (again, "Meltdown" / CVE-2017-5754) is the one that could most obviously be adapted for practical real-world attacks - but indeed only against Intel CPUs. The PoCs for the other two variants - the ones we do not yet have fixes for - are rather less immediately weaponizable, at least AIUI. Of course, more practical attacks for those two variants could be discovered at any time, as could more variants on the vulnerability. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
