Greetings freebsd-security, Are there any plans to mitigate Spectre Variant 1? I ran `spectre-meltdown-checker.sh` from https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh and it says there is not mitigation for BSD yet. Knowing that all the CPU vulnerabilities were mitigated except this one, I'm unsure if the script is actually wrong. In addition, MDS was mitigated very quickly with advisories while I haven't heard any news about this one. Thank you -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20190526/4ee15628/attachment.sig>
Łukasz Wąsikowski
2019-May-26 14:24 UTC
CVE-2017-5753 (Spectre Variant 1, bounds check bypass)
W dniu 2019-05-26 o?16:17, freneza pisze:> Are there any plans to mitigate Spectre Variant 1? > > I ran `spectre-meltdown-checker.sh` from > https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh > and it says there is not mitigation for BSD yet.And how about retpoline for Spectre Variant 2? AFAIR FreeBSD use IBRS which is much slower than retpoline. -- best regards, Lukasz Wasikowski