Re: [PLUG] Intel SA-00086 critical BIOS update

Rich Freeman on 6 Jan 2018 11:11:52 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Intel SA-00086 critical BIOS update

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Intel SA-00086 critical BIOS update
Date: Sat, 6 Jan 2018 14:11:45 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=URV8DLR/NkYI3JlotoNMge5/gvh1UtVC2oyJUB5d8W0=; b=JcGkfwz4Nz2cu9d2y757gSSAuuzEHqp1v2PI2gOkhsvKRnTjaeY6yhSHlPgxOTD3oy qdozTZvFH914RuIPAxCgcIQOT6c4j1J2E8UN8PEUhKyLCgbtVciAWuE3P+l3KxVHEx83 XR6x8xbQS+r+BRLqMtIO7CiONa/YdsB7epmUznDhvUTb8+wx7QlmidIcGd0axz0xKHdn D6nKs9kEerhr8h/Qo8uk4mRY1ujWAfsQq0fdhOIYiwpwZ138nsC4oGqUAEu40k5Cy72F Cf7rbfVYedrZ0J6j9uwBfCbPZRc84Lf9UxVK7nZ9lQOChhJ+//6edYd1FdzpQpJjQbSd XqPA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Sat, Jan 6, 2018 at 1:16 PM, Will <staticphantom@gmail.com> wrote:
> I believe that was Meltdown Aaron.
>

I wouldn't rule out the possibility of Spectre being triggered by
javascript, but it would be difficult.  In order to execute Spectre
the malicious code needs to be able to call a vulnerable target
function.  Sandboxes don't usually let function calls through.
Processes that can execute arbitrary code are more of an issue.

Meltdown does not require subverting a function that already has
access to privileged memory.  It bypasses the privilege checks in the
CPU to access virtual memory outside of its ring.  This would
definitely be easier to pull off on a vulnerable CPU (Intel only I
think).

So far the Spectre attacks on Intel cannot be completely prevented
only by the use of firmware updates, though some of the solutions
being discussed require a microcode update as part of the solution.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Intel SA-00086 critical BIOS update
  - From: "Lee H. Marzke" <lee@marzke.net>
- Re: [PLUG] Intel SA-00086 critical BIOS update
  - From: Michael Lazin <microlaser@gmail.com>
- Re: [PLUG] Intel SA-00086 critical BIOS update
  - From: Ronald Guilmet <ronpguilmet@gmail.com>
- Re: [PLUG] Intel SA-00086 critical BIOS update
  - From: Michael Lazin <microlaser@gmail.com>
- Re: [PLUG] Intel SA-00086 critical BIOS update
  - From: Aaron Mulder <ammulder@alumni.princeton.edu>
- Re: [PLUG] Intel SA-00086 critical BIOS update
  - From: Will <staticphantom@gmail.com>

Prev by Date: Re: [PLUG] Bluetooth mouse without USB Dongle
Next by Date: Re: [PLUG] It's the final meltdown!! (Security vulnerabilies)
Previous by thread: Re: [PLUG] Intel SA-00086 critical BIOS update
Next by thread: [PLUG] [OT] Android development under Linux ?
Index(es):
- Date
- Thread