Re: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33

Pavel Machek


Although patches for MDS are included in this release, no test code has been
published for these, so we have not tested for MDS. Also, patches did not
really follow the stable rules, so they could not be checked the same way
as checking for other patches. But the bug is ugly enough so we included
the patches anyway.
For the above reasons, modern x86 CPUs can not really be trusted with secrets;
similar attacks are likely to happen in future.
I wouldn't see it that extreme, it still heavily depends on what you are running and where. Also, the attacks are getting more complex.
Well, most systems do not really need to protect local user's secrets
from each other. We simply don't allow code execution for untrusted

If someone decides to combine "top secret document storage" and
"honeypot giving shell to attackers" on single machine, well, they are
asking for trouble.

Best regards,
(cesky, pictures)

Join { to automatically receive all group messages.