Catalin Cimpanu, writing for BleepingComputer: Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer. Both these fixes are at the software level, meaning they don’t require CPU or RAM vendors to alter products, and could, in theory, be applied as basic software patches. The first of these new mitigation mechanisms was announced on Thursday, last week. A research team from Dartmouth College in New Hampshire says it created a fix for Spectre Variant 1 (CVE-2017-5753), a vulnerability discovered at the start of the year affecting modern CPUs. Their fix uses ELFbac, an in-house-developed Linux kernel patch that brings access control policies to runtime virtual memory accesses of Linux processes, at the level of ELF binary executables. […] The second fix for a major flaw announced last week came on Saturday from the Systems and Network Security Group at VU Amsterdam. Researchers announced a new technique called ZebRAM that they said is a comprehensive software protection against Rowhammer attacks.
of this story at Slashdot.
Source:: Slashdot