|
|
|
|
|
|
by hishnash
3062 days ago
|
|
|
Reading over googles project0 page it reads as if they told AMD about the issues on 2017-06-01 why would they do this if it were meltdown only? also look at the exploit numbering: Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754) according to https://cve.mitre.org/cve/identifiers/ this is sequence based so `Variant 2` was recorded to CVE before v1 and v3. I get it may take a long time (that is fine even if the patches took a few more days), what I don't get is that they released it to production (server) envs seemingly without testing. Surely even rudimentary testing (deploying on a few 1000 different server platforms for a few hours at least should be something that Intel does for all microcode updates, after all they are rather more important than js Node packages as you point out) |
|
|