On Wed, Jan 3, 2018 at 11:53 PM John Sellens via talk <talk@gtalug.org> wrote:
One could assert that the days of time sharing systems are largely over, at least on production systems that people care about.
And I think it's fair to say that it has been good practice for quite some time to not allow random binaries to run on systems you care about.
I have no idea whether hypervisors (like xen or esxi) are vulnerable. But the same guidelines can be applied to VMs running on hypervisors.
Xen and kvm are both affected.
I wonder how exploitable this problem really is?
Meltdown already has some exploits around that I am seeing. I also believe there is some poc code out there to exploit it. One of which I believe is executing JavaScript in your web browser to get kernel space data. Dhaval