Meltdown, Spectre, and what they mean for Linux users

Superbugs

© Lead Image © Natalia Lukiyanova, 123RF.com

© Lead Image © Natalia Lukiyanova, 123RF.com

Article from Issue 211/2018
Author(s):

The blatant security holes known as Meltdown and Spectre, which are built into the computer hardware, are likely to keep us busy for the next few years. How is the Linux community addressing this unexpected challenge?

The year 2018 began with a disaster for IT: We learned that most processors sold in the last 15 years come with two blatant bugs that make our systems vulnerable. The vulnerabilities, named Meltdown and Spectre, mainly affect CPUs of the market leader Intel, but related problems are also present in Apple, AMD, PowerPC, and ARM64 processors. (To the relief of makers around the world, the all-clear has been issued for all Raspberry Pi models.)

These security gaps, which are largely a result of the race for increasingly faster computers, will persist for a very long time and can only be completely eliminated with a new generation of CPUs – probably years in the future. Kernel developers will have to deal with the vulnerabilities that are opening up on PCs, smartphones, and even cloud service for a long time to come. With smartphones and tablets, only owners of currently supported devices can hope to eliminate the vulnerabilities; older devices remain unprotected.

In addition to the vulnerabilities that became known in January, security researchers published further attack scenarios [1] on February 14th. The previous software patches probably also cover these new attack vectors, but for Intel, this means that the changes to the CPU blueprints developed so far must be scrapped, and the engineers have to go back to the drawing board.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Linus Torvalds Rips Intel for Meltdown and Spectre Flaws

    Torvalds is not happy with the way Intel handled these two vulnerabilities.

  • Kernel News

    Improving Netfilter Efficiency; Protecting Memory from Malicious Modification; and Speeding Up Workarounds for Intel Security Flaws.

  • News

    Dell kickstarts 2018 with a brand new Linux laptop, Linus Torvalds rips Intel for meltdown and Spectre flaws, LibreOffice-based CODE 3.0 released, Google announces Kubeflow to bring Kubernetes to machine learning, and a critical flaw in phpMyAdmin. 

  • Torvalds is Not Happy with Intel's Patch, Calls it Garbage

    Intel is asking users to stop deploying the patches

  • NEWS

    This month in the news: Chromebooks support Debian applications, Opera embraces Snap for Linux, Canonical fixes boot failure issues in Ubuntu, weird unofficial LibreOffice version shows up in the Microsoft Store, new version of the Spectre vulnerability allows attack from the network, and SUSE sold for $2.5 Billion. 

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News