Jump to content

Recommended Posts

More attack vectors have been discovered in Intel CPUs. Linux kernel devs frantically develop patches:




Reading between the lines, except for people running stand-alone Linux desktops, Canonical recommended you make the patches and disable hyper-threading.


This also means Linux-based containers and VMs are also open to attack. To protect yourself, you'll need to patch the following Linux files: Kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, and microcode_clt on all your systems. In particular, there's a known attack vector for CE-2018-12130, which enables a malicious VM or container spy another containers or VMs. In other words, you must patch all your running containers and VMs on a server -- or one bad apple can reveal the data in the patched ones.



Unlike the earlier Meltdown and Spectre problems, Intel was given time to ready itself for this problem. Intel has released microcode patches. These help clear the processor's buffers, thus preventing data from being read.

To defend yourself, your processor must be updated, your operating system must be patched, and for the most protection, Hyper-Threading disabled. When Meltdown and Spectre showed up, the Linux developers were left in the dark and scrambled to patch Linux. This time, they've been kept in the loop.



Share this post

Link to post
Share on other sites

Debian also has fresh security upgrades for intel-microcode and kernels.

  • Like 1

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...