<P> Mitigation of this vulnerability requires changes to operating system kernel code, including increased isolation of kernel memory from user - mode processes . Linux kernel developers have referred to this measure as kernel page - table isolation (KPTI). KPTI patches have been developed for Linux kernel 4.15, and have been released as a backport in kernels 4.14. 11, 4.9. 75 . Red Hat released kernel updates to their Red Hat Enterprise Linux distributions version 6 and version 7 . CentOS also already released their kernel updates to CentOS 6 and CentOS 7 . </P> <P> Apple included mitigations in macOS 10.13. 2, iOS 11.2, and tvOS 11.2 . These were released a month before the vulnerabilities were made public . Apple has stated that watchOS and the Apple Watch are not affected . Additional mitigations were included in a Safari update as well a supplemental update to macOS 10.13, and iOS 11.2. 2 . </P> <P> Microsoft released an emergency update to Windows 10, 8.1, and 7 SP1 to address the vulnerability on January 3, 2018, as well as Windows Server (including Server 2008 R2, Server 2012 R2, and Server 2016) and Windows Embedded Industry . These patches are incompatible with third - party antivirus software that use unsupported kernel calls; systems running incompatible antivirus software will not receive this or any future Windows security updates until it is patched, and the software adds a special registry key affirming its compatibility . The update was found to have caused issues on systems running certain AMD CPUs, with some users reporting that their Windows installations did not boot at all after installation . On January 9, 2018, Microsoft paused the distribution of the update to systems with affected CPUs while it investigates and addresses this bug . </P> <P> It was reported that implementation of KPTI may lead to a reduction in CPU performance, with some researchers claiming up to 30% loss in performance, depending on usage, though Intel considered this to be an exaggeration . It was reported that Intel processor generations that support process - context identifiers (PCID), a feature introduced with Westmere and available on all chips from the Haswell architecture onward, were not as susceptible to performance losses under KPTI as older generations that lack it . This is because the selective translation lookaside buffer (TLB) flushing enabled by PCID (also called address space number or ASN under the Alpha architecture) enables the shared TLB behavior crucial to the exploit to be isolated across processes, without constantly flushing the entire cache--the primary reason for the cost of mitigation . </P>

Which processors are effected by meltdown and spectre