Spectre just won't remain dead
Shortly after exploit code was found in a public repository, two new vulnerabilities (CVE-2020-27170 and CVE-2020-27171) have been found in the Linux Kernel code that protects against it.
Both vulnerabilities allow a local user to read kernel memory which could contain sensitive information like encryption keys. Proof-of-concept code has also been made available privately, but it is safe to assume it will eventually reach public outlets.
KernelCare Patches Against Spectre Vulnerability Are On The Way
On 9 June, Anthony Steinhauser, an engineer at Google, made some urgent posts to the Linux kernel mailing list. In them, he pointed out that hardware bugs in Intel and AMD chips are leaving servers vulnerable to Spectre exploits--even after the kernel is patched. Fortunately, a fix for this problem is being developed by the KernelCare team. First patches will be available by the end of the week of 22 June.
KernelCare fixes Meltdown and Spectre without reboots!
By now, you might have thought that the topic of Meltdown and Spectre vulnerabilities is taking a backstage in the news. Not so, as the impact and the solutions to resolve the issues seem to be the talk of the technical community still.
.png "pci dss")
Comments