Today, the Google Project Zero team disclosed an additional speculative execution method to obtain data that would otherwise be protected by the CPU. Google, together with CPU, hardware and operating system vendors have worked over the past months to prepare mitigations for this vulnerability, known as Spectre v4. The vulnerability is similar to others in […]
Tag: Meltdown
By:
May 21, 2018 9:00 pm
11,444 views
By:
May 7, 2018 1:54 pm
774 viewsLive Patching Meltdown – SUSE Engineer’s research project (Part 4 – The Conclusion)
Now that everything has been set to go as described in Part 1 (Key technical obstacles for Live Patching Meltdown), Part 2 (Virtual address mappings and the Meltdown vulnerability) and Part 3 (Changes needed for Translation Lookaside Buffer (TLB) flushing primitives), the last missing piece is to actually replace the entry code and make it […]
Tags: kGraft, Live Patching, Meltdown
Categories: SUSE Linux Enterprise Live Patching
By:
May 4, 2018 12:20 pm
682 viewsLive Patching Meltdown – SUSE Engineer’s research project (Part 3)
Building upon the Part 1 (Key technical obstacles for Live Patching Meltdown) and the Part 2 (Virtual address mappings and the Meltdown vulnerability), let’s now address the needed changes to the TLB flushing primitives. In order to resolve virtual to physical addresses, a CPU must traverse the page table tree. This is a costly thing to […]
Tags: kGraft, Live Patching, Meltdown
Categories: SUSE Linux Enterprise Live Patching
By:
May 3, 2018 11:59 am
746 viewsLive Patching Meltdown – SUSE Engineer’s research project (Part 2)
Following up on the Part 1 about key technical obstacles for Live Patching Meltdown, in this blog I will give you some background on virtual address mappings in context of the Meltdown vulnerability and look at patching kGraft itself! Virtually mapped memory is a protection feature provided by the CPU, orthogonal to the privilege separation […]
Tags: kGraft, Live Patching, Meltdown
Categories: SUSE Linux Enterprise Live Patching
By:
May 2, 2018 2:37 pm
1,616 viewsLive Patching Meltdown – SUSE Engineer’s research project (Part 1)
Meltdown is one of the biggest and complex security vulnerabilities that happened recently and impacted almost everyone. I am a SUSE live patching engineer and wanted to share with you how unique fixing this vulnerability was in terms of scope and complexity. My goal was to see if I could also create a live patch […]
Tags: kGraft, Live Patching, Meltdown
Categories: SUSE Linux Enterprise Live Patching
By:
March 1, 2018 5:34 pm
825 viewsMeltdown / Spectre – a PM view
Now that some time has passed and we are through another round of patches / updates, here is a perspective on how handling the Meltdown and Spectre vulnerabilities looked. As of now, Meltdown and Spectre are mostly behind us. Well maybe not from a chip manufacturer perspective, but it is from a SUSE update perspective. Times […]
Categories: CSP, Server, SUSE in the Cloud, SUSE Linux Enterprise, SUSE Linux Enterprise Server
By:
January 4, 2018 7:58 am
76,079 viewsSUSE Addresses Meltdown and Spectre Vulnerabilities
Yesterday the security community and a number of IT vendors announced the existence of several hardware security vulnerabilities that allow potential exploits across a range of hardware architectures and operating systems including but not limited to Linux. https://meltdownattack.com/ SUSE engineers have been collaborating with our partners and the Linux community on upstream Linux kernel patches. […]
Tags: Meltdown, Security, Security Vulnerabilities, Spectre
Categories: Announcements, Compliance, Containers as a Service, Server, SUSE CaaS Platform, SUSE Linux Enterprise, SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server, SUSE News, Technical Solutions
Social Media
