gareth evans  writes:
> Is it true that the RPi4 is susceptible to these
> security attacks but that no previous versions are?

https://developer.arm.com/support/arm-security-updates/speculative-processor-vu
lnerability
describes which cores are susceptible to which attacks.  The variants
that the Pi4’s CPU are vulnerable to are as follows:

* Variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715) are Spectre. An
  attacker can bypass validity checks and access data that’s supposed to
  be secret.

* Variant 3A (CVE-2018-3640) is essentially Meltdown but for registers
  instead of memory. An attacker can bypass CPU-level privilege checks
  and read access data that is supposed to be secret.

* Variant 4 (CVE-2018-3639) is a speculative store bypass. An attacker
  can access data that was supposed to have been overwritten.

The other Pi CPU cores are not listed and therefore not vulnerable to
any known speculation-based attacks.

Since the original Spectre/Meltdown research, a _lot_ of variants have
been identified. It’s likely that there are more to come. Arm’s record
has been very good here, but it’s not impossible that future issues may
impact Arm cores too.

--
https://www.greenend.org.uk/rjk/

--- SoupGate-Win32 v1.05