What changed in 3.3.9 to address Meltdown & Spectre
(Released: January 15, 2018)
‘Meltdown’ Fix. Meltdown is a kernel vulnerability caused by a performance optimisation in modern CPUs called “speculative execution”, in which the CPU accesses memory and calculates results for code which may be executed soon. Due to a design flaw in Intel and some other (e.g. 64-bit ARM) CPUs, this speculative execution may be used by malicious software to bypass normal access controls and read private memory from the CPU cache. This allows access to memory belonging to the operating system, which may contain sensitive data such as encryption keys, files from other programs, etc. This release includes a set of Linux kernel patches known as KPTI, which apply stricter access controls and prevent programs from accessing this operating system memory.
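
One way to confirm after upgrading that KPTI is active, as an added example that is not part of the original release notes or the product's own tooling. It assumes an x86 Linux system; the sysfs file only exists on kernels that carry the vulnerability-reporting patch, so the function `classify_meltdown` (a name chosen here) falls back to the `pti`/`kaiser` CPU flag and the `bugs` line in `/proc/cpuinfo`.

```shell
#!/bin/sh
# classify_meltdown SYSFS_TEXT CPUINFO_TEXT
#   SYSFS_TEXT   contents of /sys/devices/system/cpu/vulnerabilities/meltdown
#                (empty if the running kernel does not provide the file)
#   CPUINFO_TEXT contents of /proc/cpuinfo (x86 layout assumed)
# Prints one of: mitigated, vulnerable, not-affected, unknown
classify_meltdown() {
    cm_sysfs=$1
    cm_cpuinfo=$2

    # Preferred source: the kernel's own verdict.
    case "$cm_sysfs" in
        "Mitigation: PTI"*) echo "mitigated";    return 0 ;;
        "Not affected"*)    echo "not-affected"; return 0 ;;
        "Vulnerable"*)      echo "vulnerable";   return 0 ;;
    esac

    # Fallback: kernels with page table isolation enabled advertise a
    # synthetic "pti" flag (named "kaiser" in some older backports).
    if grep -Eq '^flags[[:space:]]*:.*[[:space:]](pti|kaiser)([[:space:]]|$)' <<EOF
$cm_cpuinfo
EOF
    then
        echo "mitigated"
    # The kernel knows the CPU is affected, but no isolation flag is set.
    elif grep -Eq '^bugs[[:space:]]*:.*(cpu_meltdown|cpu_insecure)' <<EOF
$cm_cpuinfo
EOF
    then
        echo "vulnerable"
    else
        # An unpatched kernel reports nothing at all, so absence of
        # evidence must not be read as "safe".
        echo "unknown"
    fi
}

# Check the running system (both reads may legitimately fail).
classify_meltdown \
    "$(cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null || true)" \
    "$(cat /proc/cpuinfo 2>/dev/null || true)"
```

A result of `unknown` on an Intel system usually means the running kernel predates the fix and the upgrade has not taken effect, for example because the machine has not yet been rebooted into the new kernel.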