{"id":2176,"date":"2018-01-02T15:56:50","date_gmt":"2018-01-02T23:56:50","guid":{"rendered":"http:\/\/rglinuxtech.com\/?p=2176"},"modified":"2018-01-03T10:59:29","modified_gmt":"2018-01-03T18:59:29","slug":"kernel-urgent-changes-coming-to-fix-intel-cpu-security","status":"publish","type":"post","link":"https:\/\/rglinuxtech.com\/?p=2176","title":{"rendered":"Kernel &#8211; Urgent Changes in Latest Versions, to Fix Intel CPU Security.."},"content":{"rendered":"<p>Apparently, there has been a major security defect discovered in Intel CPUs, and full details have been <em>embargoed<\/em> until early-January, but there is a comprehensive article in The Register, here:\u00a0 <a href=\"https:\/\/www.theregister.co.uk\/2018\/01\/02\/intel_cpu_design_flaw\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.theregister.co.uk\/2018\/01\/02\/intel_cpu_design_flaw\/<\/a><\/p>\n<p>The Linux Kernel devs have been working to provide a workaround, as &#8211; apparently &#8211; there is no other practical solution: <a href=\"https:\/\/lkml.org\/lkml\/2017\/12\/4\/709\" target=\"_blank\" rel=\"noopener\">https:\/\/lkml.org\/lkml\/2017\/12\/4\/709<\/a><\/p>\n<p>The article does hint that &#8216;hypervisors&#8217; may also be affected, and so I would speculate that changes to VMware, as well as Xen, may be forthcoming..<\/p>\n<p>The fix will add extra processing, and will affect the overall performance of Intel CPUs..<\/p>\n<p>These changes are being incorporated in Kernel 4.14.11, and had already been incorporated in 4.15-rc6\u00a0 (look for references to &#8220;PTI&#8221; and\/or &#8220;PAGE_TABLE_ISOLATION&#8221; in the changelogs:<br \/>\n4.15-rc6:\u00a0 <a href=\"http:\/\/lkml.iu.edu\/hypermail\/linux\/kernel\/1712.3\/02898.html\" target=\"_blank\" rel=\"noopener\">http:\/\/lkml.iu.edu\/hypermail\/linux\/kernel\/1712.3\/02898.html<\/a><br \/>\n4.14.11:\u00a0\u00a0 <a href=\"https:\/\/cdn.kernel.org\/pub\/linux\/kernel\/v4.x\/ChangeLog-4.14.11\" target=\"_blank\" rel=\"noopener\">https:\/\/cdn.kernel.org\/pub\/linux\/kernel\/v4.x\/ChangeLog-4.14.11<\/a><\/p>\n<p><em>Robert Gadsdon.\u00a0\u00a0 January 2, 2018.\u00a0 <span style=\"font-size: 10pt;\">(updated January 3, 2018)<\/span><br \/>\n<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apparently, there has been a major security defect discovered in Intel CPUs, and full details have been embargoed until early-January, but there is a comprehensive article in The Register, here:\u00a0 https:\/\/www.theregister.co.uk\/2018\/01\/02\/intel_cpu_design_flaw\/ The Linux Kernel devs have been working to provide a workaround, as &#8211; apparently &#8211; there is no other practical solution: https:\/\/lkml.org\/lkml\/2017\/12\/4\/709 The article does hint <span class=\"excerpt-dots\">&hellip;<\/span> <a class=\"more-link\" href=\"https:\/\/rglinuxtech.com\/?p=2176\"><span class=\"more-msg\">Continue reading &rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1298,1323,14,15,19,20,25,1324],"tags":[1791,1789,1173,242,1790],"class_list":["post-2176","post","type-post","status-publish","format-standard","hentry","category-hardware","category-intel","category-kernel","category-linux-2","category-opinion","category-performance-2","category-vmware","category-x86_64","tag-fix-with-kernel-mods","tag-intel-cpus","tag-kernel","tag-linux","tag-security-flaw"],"_links":{"self":[{"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=\/wp\/v2\/posts\/2176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2176"}],"version-history":[{"count":3,"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=\/wp\/v2\/posts\/2176\/revisions"}],"predecessor-version":[{"id":2186,"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=\/wp\/v2\/posts\/2176\/revisions\/2186"}],"wp:attachment":[{"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rglinuxtech.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}