And again, after Meltdown, Spectre, and Foreshadow, current SPARC CPUs are also not effected by ZombieLoad…
While programs usually only see their own data, a malicious program can exploit the stuffing buffers to gain secrets that are currently being processed by other running programs. These secrets can be user-level secrets, e.g. browsing history, site content, user keys and passwords, or system-level secrets such as HDD encryption keys.
Oracle’s response to these MDS issues:
“Oracle has determined that Oracle SPARC servers are not affected by these MDS vulnerabilities.”
So these four distinct CVE identifiers will only affect Intel implementations;
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)
CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)
That’s another prove to run your mission critical workloads on Solaris SPARC to get security, compliance and all important features to ensure an enterprise architecture.
Did I say welcome to cloud computing today? 😉