Linux May Gain Protection Against Hyper-Threading Attacks
Oracle security researchers have been working on security feature for Linux kernels that could protect Linux-based systems against attacks that affect Intel's Hyper-Threading (HT) feature. Multiple side-channel threats the feature's vulnerable against, including L1TF/Foreshadow and the MDS attacks, have been revealed over the past few months.
The Oracle developers didn't specify whether or not the recent MDS[*] attacks against Intel's HT would also be mitigated through its Kernel Address Space Isolation (KASI), only that it will protect against L1TF/Foreshadow. Other side-channel attacks seem to be up for debate, as any extra isolation being introduced into the kernel could potentially impact the performance of Linux systems.
[...] They're now looking for suggestions on how to improve the feature before they attempt to merge it into an official release of the Linux kernel.
[*] MDS — Microarchitectural Data Sampling. See the explanation by Intel and an in-depth description and analysis at https://mdsattacks.com/.
(Score: 1, Touché) by Anonymous Coward on Wednesday July 17 2019, @08:03AM
So, step one, to avoid really stupid security vulns, do not run a Micro$erf operating system.
DONE.
Step two, to avoid not quite so stupid, but still stupid, hardware vulns, do not run Intel silicon.
DONE.
So, now, what were you saying, again? Please wake me up when you have a security issue that applies to non-stupid system operators.
Yours, AMD Linux user.