This issue was opened to check on the possible need for Meltdown and Spectre attack mitigation. These attack vectors basically allow known memory locations to be read, possibly exposing sensitive data. The one issue that was brought up would be keeping private keys unencrypted in memory for too long and exposing them to this attack. However these vulnerabilities are still relatively new and the mitigations for them are not finalized. At the time of this writing no specific changes have been outlined or put in place.
Feed for tag: spectre
On 2018-01-03 various research papers and security blogs were posted regarding an embedded security flaw that effects many CPUs. Security researchers from Google’s Project Zero team tested and reproduced data leaks that occur on CPUs and cache memory (regardless of the operating system being run).