Lines Matching full:variant
11 This document covers Spectre variant 1 and Spectre variant 2.
45 CVE-2017-5753 Bounds check bypass Spectre variant 1
46 CVE-2017-5715 Branch target injection Spectre variant 2
47 CVE-2019-1125 Spectre v1 swapgs Spectre variant 1 (swapgs)
60 Spectre variant 1 attacks take advantage of speculative execution of
61 conditional branches, while Spectre variant 2 attacks use speculative
66 Spectre variant 1 (Bounds Check Bypass)
78 There are some extensions of Spectre variant 1 attacks for reading data
82 Note that, despite "Bounds Check Bypass" name, Spectre variant 1 is not
89 Spectre variant 2 (Branch Target Injection)
102 In Spectre variant 2 attacks, the attacker can steer speculative indirect
118 One other variant 2 attack vector is for the attacker to poison the
134 Yet another variant 2 attack vector is for the attacker to poison the
155 Spectre variant 1
161 a pointer for a Spectre variant 1 attack. The index or pointer
170 Spectre variant 1 (swapgs)
200 Spectre variant 2
203 A spectre variant 2 attacker can :ref:`poison <poison_btb>` the branch
221 mitigate Spectre variant 2 instead of retpoline. Enhanced IBRS is
225 Spectre variant 2 attack by a rogue user process. To mitigate such
237 Spectre variant 1 attacks generally require passing parameters
243 Spectre variant 2 attacks can be launched from a rogue process by
249 A user process can protect itself against Spectre variant 2 attacks
278 For Spectre variant 1 attacks, rogue guests can pass parameters
284 For Spectre variant 2 attacks, rogue guests can :ref:`poison
288 To mitigate variant 2, the host kernel can use return trampolines
303 Spectre variant 1 attacks are possible if parameters can be passed
309 Spectre variant 2 attacks can be launched from a rogue guest by
318 If SMT is used, Spectre variant 2 attacks from an untrusted guest
333 The sysfs file showing Spectre variant 1 mitigation status is:
354 variant 1 are covered.
371 The sysfs file showing Spectre variant 2 mitigation status is:
390 used to protect against Spectre variant 2 attacks when calling firmware (x86 only).
453 Turning on mitigation for Spectre variant 1 and Spectre variant 2
459 Spectre variant 1
462 For the Spectre variant 1, vulnerable kernel code (as determined
466 not cover all attack vectors for Spectre variant 1.
472 For the swapgs variant of Spectre variant 1, LFENCE barriers are
477 Spectre variant 2
480 For Spectre variant 2 mitigation, the compiler turns indirect calls or
498 On CPUs with hardware mitigation for Spectre variant 2 (e.g. IBRS
503 some Spectre v2 variant attacks. The BHB can still influence the choice of
522 before invoking any firmware code to prevent Spectre variant 2 exploits
532 User programs can mitigate Spectre variant 1 using LFENCE or "bounds
535 For Spectre variant 2 mitigation, individual user programs
549 also prevent the program from launching a variant 2 attack
564 Within the kernel, Spectre variant 1 attacks from rogue guests are
567 usable disclosure gadgets. However, this may not cover all variant
570 For Spectre variant 2 attacks from rogue guests to the kernel, the
623 keys), protection against Spectre variant 2 can be put in place by
641 All Spectre variant 2 mitigations can be forced on
649 against variant 2 attacks originating from programs running on