[RndTbl] Horrific CPU flaws (Meltdown / Spectre)

Gilles Detillieux grdetil at scrc.umanitoba.ca
Thu Jan 4 17:13:04 CST 2018

I just updated our Scientific Linux systems, which means the RHEL 
updates are out too, and presumably CentOS updates are too or will be 
shortly. These updates included firmware/microcode packages, which I'm 
assuming are loaded on reboot as well. Some of the reports I read 
suggested that you'd need to reflash your BIOS/UEFI firmware once the PC 
manufacturers release these updates. Are those reports in error, 
confusing the two types of firmware, or are we going to have to hunt 
down PC or mobo-specific firmware updates for this whole debacle too?

On 2018-01-04 17:00, Trevor Cordes wrote:
> FYI, Fedora has just released the latest kernel that has initial
> mitigation for Meltdown.  I'm sure other distros are doing likewise.
> It'll be interesting to see the performance hits we all take on this.
> Of course you'll have to reboot for the update to take effect.  I
> suspect we'll see rapidfire releases of kernels for the next few
> weeks...
> P.S. Alan Cox has stated that the Spectre-type flaw (I think) could be
> triggered with a JS attack, causing the browser to leak sensitive data
> outside the sandbox to malicious JS / websites.  Proving once again we
> all need NoScript or equivalent.

Gilles R. Detillieux              E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

More information about the Roundtable mailing list