Opened 4 months ago

#15064 new bug

Mitigate ZombieLoad and other MDS (Microarchitectural Data Sampling) Intel vulnerabilities

Reported by: waddlesplash Owned by: nobody
Priority: normal Milestone: Unscheduled
Component: System/Kernel Version: R1/Development
Keywords: security Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All

Description

The fix is to use the VERW instruction with patched microcode on kernel exit; this flushes the relevant buffers.

NetBSD's fix: https://github.com/NetBSD/src/commit/afab82aeafd0c51afc036a8b35dd0ed428b2885b

We already have a kernel altcodepatch mechanism for SMAP, so we can use that here for the vulerable CPUs as well.

Change History (0)

Note: See TracTickets for help on using tickets.