Quote:
Originally Posted by lazjen
It's probably unlikely to get many exploits as fixes will come through, but it's the impact of the fixes that will be the bigger issue.
If we start seeing stuff performing significantly worse after the fix, there will be some screaming. I've been reading reports of some software that have had up to 63% performance loss due to the change. Obviously it depends on the software and what people do, but if it hits something common like web browsers, media players, etc. then stuff might hit the fan...  |
Every system call for a start.
Currently in Linux the kernel MMU page tables are mmap'ed so when
you do the context switch, they are just there and its all fast.
But the Linux patches are showing the TLB's are now having to be
flushed on each system call or each interrupt.
So for a start, anything doing lots of I/O will suffer.
Quote:
|
Originally Posted by Rick
At least it's not a remote exploit, Gary, but it could be very ugly. It will certainly be very disruptive.
|
Happy New Year Rick. Hope all is well.
True. But from what I can see is if there is some other buffer overrun
exploit in a web browser, you might use this flaw in combination with
that as part of a side-channel attack through some JavaScript.
See
https://www.youtube.com/watch?v=ewe3-mUku94
The NSA, the Russians, the Chinese and the North Koreans will be busy.