Thursday, April 23, 2009

FUD Factory in Full Force

Looks like microsoft aficionados are at it again: Intel CPU cache poisoning: dangerously easy on Linux

While it's true it's fairly easy to manipulate the MTRR registers on Linux. You still need to write the actual SMM code to execute and I'm sure anyone able to do that, will be able to download an example windows device driver and add some MTRR manipulation instructions to it. Either way, both Linux and Windows are vulnerable to this.. since it's not an OS issue.

As for the comments on that post.. if the virtualization layer you're using allows a virtual machine to manipulate the MTRR registers, you have bigger things to worry about!

It's a pity sites like Heise online already picked up on this.