Opened 7 months ago

#15064 new bug

Mitigate ZombieLoad and other MDS (Microarchitectural Data Sampling) Intel vulnerabilities

Reported by: waddlesplash Owned by: nobody
Priority: normal Milestone: Unscheduled
Component: System/Kernel Version: R1/Development
Keywords: security Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All


The fix is to use the VERW instruction with patched microcode on kernel exit; this flushes the relevant buffers.

NetBSD's fix:

We already have a kernel altcodepatch mechanism for SMAP, so we can use that here for the vulerable CPUs as well.

Change History (0)

Note: See TracTickets for help on using tickets.