There are a lot of links out there on Meltdown and Spectre so this is my attempt at collecting all of these links in a single place.
EXTERNAL CUSTOMER FACING LINKS (Official Red Hat Content):
- Red Hat Product Security Vulnerability Response article: Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
https://access.redhat.com/security/vulnerabilities/speculativeexecution - Recorded Webinar with Red Hat Performance Engineering Team: Meltdown and Spectre patch performance impact Q&A (Webinar is open to everyone, including customers. Just register.)
https://onlinexperiences.com/scripts/Server.nxp?LASCmd=AI:4;F:QS!10100&ShowKey=47447 - Q&A article from the above January 11, 2018 Meltdown/Spectre Webinar with Red Hat Performance Engineering Team:
https://access.redhat.com/articles/3327321 - Red Hat Blog with 3 min YouTube Video: What are Meltdown and Spectre? Here's what you need to know.
What are Meltdown and Spectre? Here’s what you need to know. - LinkedIn more technical article by Red Hat's Jon Masters: On addressing Meltdown and Spectre in future silicon...
On addressing #Meltdown and #Spectre in future silicon... | LinkedIn - Red Hat Knowledgebase article: Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715
Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-… - Red Hat Knowledgebase article: Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables
Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 u… - Red Hat Knowledgebase article: Impacts of CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 to Red Hat Virtualization products
Impacts of CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 to Red Hat Virtualization products - Red Hat Customer Portal - Red Hat Knowledgebase article: Impact of CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 to Red Hat OpenStack
Impact of CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 to Red Hat OpenStack - Red Hat Customer Portal
- Full details released by Google's Project Zero:
Project Zero: Reading privileged memory with a side-channel - Detailed discussion of Spectre impacts on hypervisors:
QEMU and the Spectre and Meltdown attacks - QEMU - Red Hat's Mike Bursell's blog post on: Meltdown and Spectre Thinking about Embargoes and Disclosures
Meltdown and Spectre: thinking about embargoes and disclosures – Alice, Eve and Bob – a security blog - Link to the working group's page, which contains the papers on Meltdown and Spectre written by the founders and a pseudo table of vendor specific links
Meltdown and Spectre - Good telling of the story behind Spectre and Meltdown
‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown - Bloomberg - Red Hat's Michael Hausenblas blog post: Spectre-on-Kubernetes, a proof of concept
https://hackernoon.com/spectre-on-kubernetes-a-proof-of-concept-baade68284f8 - Mozilla Foundation Security Advisory: Speculative execution side-channel attack (extended this attack to browser JavaScript engines and demonstrated that code on malicious web page could read data from other web sites or private data from the browser itself)
GitHub - gonoph/ansible-meltdown-spectre: Ansible Playbook to run the Red Hat spectre-meltdown check script - Ansible Playbook to run the Red Hat spectre-meltdown check script for CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 (aka Spectre and Meltdown Kernel side-channel attacks)
https://github.com/gonoph/ansible-meltdown-spectre
No comments:
Post a Comment