More news on the Power architecture front, an IBM bulletin says that POWER7+ and POWER8 are getting all three CVEs patched in firmware, with OS updates also necessary. POWER9 is supposed to not need KPTI, but I have more about that in the Power Architecture thread:
Two things on the Speculative Execution front There is a new IBM firmware bulletin about Power and Speculative Execution My saga of pestering Raptor Engineering for details on GNU Social continues The IBM bulletin makes it pretty clear that POWER7+ and POWER8 are vulnerable to Meltdown. Now I’m curious how AMD dodged this bullet when ARM, Intel, and IBM did not. According to Raptor Engineering, POWER9 on Talos will not need KPTI. Does this just mean that DD2.2 silicon is not vulnerable to Meltdown, or does Meltdown mitigation on Power not require KPTI in general? Vulnerability cheatsheet CVE Group GPZ number GPZ naming CVE-2017-5715 Spectre variant 2 branch target injection CVE-2017-5753 Spectre variant 1 bounds check bypass CVE-2017-5754 Meltdown variant 3 rogue data cache load
1 Like