The following table lists the mitigations added to Solaris, by the version in which each was introduced.

Version (and date) | Mitigation | Platform | References |
---|---|---|---|
2.6 (07/1997) | System-wide setting for non-executable stack (noexec_user_stack, NXSTACK) | SPARC | 1 2 3 |
7 (11/1998) | Separate kernel and user address space (KPTI) | SPARC (sun4u) | 4 |
9 (05/2002) | Link-time setting for non-executable stack (PT_SUNWSTACK) | SPARC | 5 |
10 (03/2005) | Link-time setting for non-executable stack (PT_SUNWSTACK) | x64 | 5 |
10 (03/2005) | System-wide setting for non-executable stack (noexec_user_stack, NXSTACK) | x64 | 1 |
10 (03/2005) | PRIV_PROC_INFO & PRIV_PROC_SESSION privileges to limit procfs access | All | 24 |
11.0.0 (11/2011) | Immutable non-global zones | All | 19 |
11.1.0 (10/2012), 10U11 (01/2013) | Supervisor Mode Execution Prevention (SMEP) | Intel | 6 |
11.1.0 (10/2012) | Address Space Layout Randomization (ASLR) | All | 1 6 |
11.1.0 (10/2012) | sxadm tool to manage mitigations | All | 1 6 |
11.2.0 (07/2014) | Immutable global zone | All | 20 |
11.2.0 (07/2014) | Verified Boot | SPARC | 21 |
11.2.8 (04/2015) | Application Data Integrity (ADI) | SPARC | 7 8 9 |
11.3.0 (10/2015) | Non-executable heap (NXHEAP) | All | 1 10 11 |
11.3.31 (04/2018) | Spectre V1 | All | 16 |
11.4.0 (08/2018) | ADI checking for kernel heap (KADI) | SPARC | 1 12 |
11.4.0 (08/2018) | ADI checking for program heap (ADIHEAP) | SPARC | 1 12 13 14 18 |
11.4.0 (08/2018) | ADI checking for stack (ADISTACK) | SPARC | 1 12 13 15 |
11.4.0 (08/2018) | Spectre V2 (IBPB, IBRS) | Intel | 1 17 |
11.4.0 (08/2018) | Kernel Page Table Isolation (KPTI) | Intel | 1 17 |
11.4.0 (08/2018) | Supervisor Mode Access Prevention (SMAP) | Intel | 1 |
11.4.0 (08/2018) | Application Sandboxing | All | 22 23 |
11.4.3 (11/2018) | Level 1 Data Cache Flush (L1DF) | Intel | 1 17 |
11.4.3 (11/2018) | Speculative Store Bypass Disable (SSBD) | Intel | 1 17 |
11.4.5 (01/2019) | PRIV_PROC_SELF privilege to further limit procfs access | All | 24 |
11.4.15 (11/2019) | Microarchitectural Data Sampling Avoidance (MD_CLEAR) | Intel | 1 17 |
11.4.18 (02/2020) | Return Stack Buffer Speculation Mitigation (RSBS) | All | 1 17 |
11.4.21 (05/2020) | IFU Mitigation (CVE-2018-12207) | Intel | 1 17 |
11.4.25 (09/2020) | TSX Disabled (TSX_DISABLE) | Intel | 1 17 |
11.4.30 (02/2021) | User-Mode Instruction Prevention (UMIP) | Intel | 1 |
11.4.42 (02/2022) | Kernel Page Table Isolation (KPTI) | AMD | 1 |

The following mitigations are implemented in hardware, microcode, or firmware. The entries below reflect when they were made visible as read-only extensions in sxadm; they may already be in effect, but not visible, on earlier OS versions running on top of mitigated hardware, microcode, or firmware.

Version (and date) | Mitigation | Platform | References |
---|---|---|---|
11.4.0 (08/2018) | Spectre V2 (HW_BTI) | SPARC | 1 17 |
11.4.5 (01/2019) | Speculative Store Bypass Disable (SSBD) | SPARC | 1 17 |
11.4.9 (05/2019) | Rogue Data Cache (Meltdown) Avoidance (RDCL_NO) | Intel | 1 17 |
11.4.15 (11/2019) | Microarchitectural Data Sampling Avoidance (MDS_NO) | Intel | 1 17 |
11.4.21 (05/2020) | IFU Hardware Mitigation (IF_PSCHANGE_MC_NO) | Intel | 1 17 |
11.4.25 (09/2020) | TSX Asynchronous Abort (TAA) Hardware Avoidance (TAA_NO) | Intel | 1 17 |