Nicolai Stange
By: Nicolai Stange

May 7, 2018 1:54 pm

616 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 4 – The Conclusion)

Now that everything has been set to go as described in Part 1 (Key technical obstacles for Live Patching Meltdown), Part 2 (Virtual address mappings and the Meltdown vulnerability)  and Part 3 (Changes needed for Translation Lookaside Buffer (TLB) flushing primitives), the last missing piece is to actually replace the entry code and make it […]

Read More


Nicolai Stange
By: Nicolai Stange

May 4, 2018 12:20 pm

556 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 3)

Building upon the Part 1 (Key technical obstacles for Live Patching Meltdown) and the Part 2 (Virtual address mappings and the Meltdown vulnerability), let’s now address the needed changes to the TLB flushing primitives. In order to resolve virtual to physical addresses, a CPU must traverse the page table tree. This is a costly thing to […]

Read More


Nicolai Stange
By: Nicolai Stange

May 3, 2018 11:59 am

552 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 2)

Following up on the Part 1 about key technical obstacles for Live Patching Meltdown, in this blog I will give you some background on virtual address mappings in context of the Meltdown vulnerability and look at patching kGraft itself! Virtually mapped memory is a protection feature provided by the CPU, orthogonal to the privilege separation […]

Read More


Nicolai Stange
By: Nicolai Stange

May 2, 2018 2:37 pm

1,298 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 1)

Meltdown is one of the biggest and complex security vulnerabilities that happened recently and impacted almost everyone. I am a SUSE live patching engineer and wanted to share with you how unique fixing this vulnerability was in terms of scope and complexity. My goal was to see if I could also create a live patch […]

Read More


ronaldnu
By: ronaldnu

March 1, 2018 5:34 pm

731 views

Meltdown / Spectre – a PM view

Now that some time has passed and we are through another round of patches / updates, here is a perspective on how handling the Meltdown and Spectre vulnerabilities looked. As of now, Meltdown and Spectre are mostly behind us. Well maybe not from a chip manufacturer perspective, but it is from a SUSE update perspective. Times […]

Read More


Matthias G. Eckermann
By: Matthias G. Eckermann

January 4, 2018 7:58 am

71,110 views

SUSE Addresses Meltdown and Spectre Vulnerabilities

Yesterday the security community and a number of IT vendors announced the existence of several hardware security vulnerabilities that allow potential exploits across a range of hardware architectures and operating systems including but not limited to Linux. https://meltdownattack.com/ SUSE engineers have been collaborating with our partners and the Linux community on upstream Linux kernel patches. […]

Read More