Vulnerabilities

In 2018 and 2019, multiple hardware vulnerabilities in Intel processors were revealed. Other vendors were also affected in some instances. This page lists which Lightning Wire Labs appliances are affected by which vulnerability.

All appliances ever sold with an Intel processor are capable of running IPFire in 64-bit. If you are running a 32-bit release, please upgrade.

The spectre-meltdown-checker script is available as an add-on package as of Core Update 129. It detects these vulnerabilities as well as any potentially deployed mitigations.

Hardware enterprise business mini
Hardware Features
--- --- --- ---
Simultaneous Multi-Threading (SMT) Yes((disabled for mitigation)) Not Supported
| Vulnerabilities | enterprise | business | mini |
| --- | --- | --- | --- |
| Spectre v1((CVE-2017-5753, bounds check bypass)) | ██((user pointer sanitization)) | ██ | ██((user pointer sanitization)) |
| Spectre v2((CVE-2017-5715, branch target injection)) | ██((Full generic retpoline)) | ██ | ██((Full generic retpoline)) |
| Spectre v3/Meltdown((CVE-2017-5754, rogue data cache load)) | ██((PTI)) | ██ | ██ |
| Spectre v3a((CVE-2018-3640, rogue system register read)) | ██ | ██ | ██ |
| Spectre v4((CVE-2018-3639, speculative store bypass)) | ██ | ██ | ██((Speculative Store Bypass disabled via prctl and seccomp)) |
| Foreshadow (SGX)((CVE-2018-3615, L1 terminal fault)) | ██ | ██ | ██ |
| Foreshadow-NG (OS)((CVE-2018-3620, L1 terminal fault)) | ██((PTE Inversion)) | ██ | ██ |
| Foreshadow-NG (VMM)((CVE-2018-3646, L1 terminal fault)) | ██ | ██ | ██ |
| MDS (RIDL/Fallout/ZombieLoad) | ██((mitigated by microcode, kernel patches and disabling HT https://blog.ipfire.org/post/security-announcement-disabling-smt-by-default-on-affected-intel-processors)) | ██ | ██ |

Legend

  • ██ Not Vulnerable
  • ██ Mitigated
  • ██ Vulnerable
  • ██ Unknown
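
The Linux kernel reports its own view of these issues under `/sys/devices/system/cpu/vulnerabilities`, using strings such as `Mitigation: PTI`. The script below is an added example, not part of this page or of spectre-meltdown-checker: it maps those status strings onto the four legend categories above and reads the SMT control state. The function names are made up for this example, and it assumes a kernel that provides these sysfs files.

```shell
#!/bin/sh
# Added example: classify the kernel's sysfs vulnerability status using
# the four legend categories of this page. Function names are hypothetical.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
SMT_CONTROL="${SMT_CONTROL:-/sys/devices/system/cpu/smt/control}"

# classify STATUS -> prints the legend category for one status string
classify() {
    case "${1:-}" in
        "Not affected"*) echo "Not Vulnerable" ;;
        "Mitigation:"*)  echo "Mitigated" ;;
        "Vulnerable"*)   echo "Vulnerable" ;;
        *)               echo "Unknown" ;;   # empty, unreadable or unexpected
    esac
}

# report [DIR] -> one "name<TAB>category<TAB>raw status" line per sysfs file
report() {
    dir="${1:-$VULN_DIR}"
    if [ ! -d "$dir" ]; then
        echo "no vulnerabilities directory at $dir" >&2
        return 1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f" 2>/dev/null) || status=""
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify "$status")" "$status"
    done
}

# count_vulnerable [DIR] -> number of entries still classified as Vulnerable
count_vulnerable() {
    report "${1:-$VULN_DIR}" | awk -F '\t' '$2 == "Vulnerable"' | wc -l | tr -d ' '
}

# smt_state [FILE] -> on, off, forceoff, notsupported, notimplemented or unknown
smt_state() {
    cat "${1:-$SMT_CONTROL}" 2>/dev/null || echo "unknown"
}

# Print the report only when asked to, so the functions can be sourced.
if [ "${1:-}" = "--report" ]; then
    report
    printf 'smt\t%s\n' "$(smt_state)"
fi
```

Run it with `--report` on the appliance; any line in the `Vulnerable` or `Unknown` category is worth comparing against the table and against the output of spectre-meltdown-checker.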

Older Revisions • May 22 at 9:51 am • Michael Tremer