Re: Spectre/Meltdown impact on network devices
Jason Gmail wrote:
The only business I've been looking at is AWS
https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
It merely says: All instances across the Amazon EC2 fleet are protected from all known threat vectors from the CVEs previously listed. not spectre in general. But, as mentioned in: https://access.redhat.com/security/cve/cve-2017-5715 It relies on the presence of a precisely-defined instruction sequence in the privileged code and https://access.redhat.com/security/cve/cve-2017-5753 It relies on the presence of a precisely-defined instruction sequence in the privileged code CVEs previously listed are spectre attacks between privileged and unprivileged codes, which means spectre attack between unprivileged codes is still possible with AWS, which is why we should avoid cloud servers, until CPU hardware is fixed. Masataka Ohta
participants (1)
-
Masataka Ohta