Closed ralaud closed 6 years ago
There's no complete patch available, so what are you asking for exactly?
There's no complete patch available
I did not know that there is no complete patch. Thanks for your fast information and for your work in linux-hardened kernel.
I don't think there ever will be a complete patch available, unfortunately. They can only fix things on a case-by-case basis now.
The latest release is 4.15.2.a though, so you can update to that, which has more of these fixes.
So its necessary to upgrade CPU later, if I want a complete fix?
If Intel or AMD ever feels like making a CPU not vulnerable to it. The kernel can work around it on a case by case basis, which they're doing, but it can never realistically be fully mitigated.
They won't necessarily be interested in making a CPU without this vulnerability. The performance hit may be too high...
But big companies like Google, Amazon or Microsoft could force Intel and AMD. They need to focus on security, for their Cloud services.
Is it possible to use machine learning for automating the case by case basis?
Case by case method is working :)
KPTI mitigates Variant 3, retpolines nearly fully mitigate Variant 2 (with other more expensive options available) but there isn't going to be a magic bullet for Variant 1.
Having a few things sanitized doesn't really change that it's an issue everywhere else. It's also an issue for lots of userspace programs too, not just the userspace <-> kernel boundary or remote <-> kernel boundary.
Is CVE-2017-5753 already patched ?
Because,![screenshot-vuln](https://user-images.githubusercontent.com/27868982/35988580-2555b16a-0cff-11e8-9530-def36a7fe8e2.png)
With regards.