AMD core developer recently announced a significant milestone in the confrontation of CPU vulnerabilities in the Linux core. With a total of 15 Linux modes now supported, the task of transferring all vulnerabilities on the nucleus command line has proven to be challenging.
To address this issue, the developer proposed a new approach to focus on blocking attack vectors rather than adjusting specific vulnerabilities. The proposed methods of blocking involve activating different types of insulation disorders:
- mitigate_user_kernel: between the user and the nucleus
- mitigate_user_user: between the user and other users
- mitigate_host_host: between the guest system and the host
- mitigate_guest_guest: between different guest systems
- mitigate_cross_thread: between different threads
/Reports, release notes, official announcements.