Downfall #465
Comments
|
Apparently the only possible mitigation is a microcode firmware update. I'll at least be able to add affected/not affected check as the list of impacted CPUs has been published by Intel at their usual page (https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html) and I now have a script to parse that and integrate it easily. |
|
https://www.phoronix.com/news/Intel-20230808-Microcode |
|
Yes indeed thanks! |
|
Thanks @PandiPanda69 , I see contradictory information about Intel CPUs that support AVX2/512, that are out of support (a few years old), and not listed in the Kernel vuln blacklist. Intel won't say, and the kernel would deem them unaffected, but it seems contradictory to the Downfall white paper, which implies all models from 4th hen are affected... |
|
Added a commit to your PR, can you test it, if possible? |
|
Tested on a different kind of CPU (Atom, ARM, AMD, Intel) with old ucode, new ucode, old kernel, patched kernel, vanilla & grsec, behavior is as expected 👍 |
|
Merged, thanks for your help. I'm leaving this open because we still miss minor things to deem this complete, these will be implemented when I'm back from holidays:
These are just convenience features, current code is enough to answer questions such as "am I affected/vulnerable?" |
Can this vulnerability be added?
https://downfall.page/
The text was updated successfully, but these errors were encountered: