Two things on the Speculative Execution front
- There is a new IBM firmware bulletin about Power and Speculative Execution
- My saga of pestering Raptor Engineering for details on GNU Social continues
The IBM bulletin makes it pretty clear that POWER7+ and POWER8 are vulnerable to Meltdown. Now I’m curious how AMD dodged this bullet when ARM, Intel, and IBM did not. According to Raptor Engineering, POWER9 on Talos will not need KPTI. Does this just mean that DD2.2 silicon is not vulnerable to Meltdown, or does Meltdown mitigation on Power not require KPTI in general?
Vulnerability cheatsheet
| CVE | Group | GPZ number | GPZ naming |
|---|---|---|---|
| CVE-2017-5715 | Spectre | variant 2 | branch target injection |
| CVE-2017-5753 | Spectre | variant 1 | bounds check bypass |
| CVE-2017-5754 | Meltdown | variant 3 | rogue data cache load |