wiki.ipfire.org

The community-maintained documentation platform of IPFire


Vulnerabilities

In 2018 and 2019, multiple hardware vulnerabilities in Intel processors were revealed. Other vendors were also affected in some instances. This page lists which Lightning Wire Labs appliances are affected by which vulnerability.

All appliances ever sold with an Intel processor are capable of running IPFire in 64-bit mode. If you are running a 32-bit release, please upgrade.

The spectre-meltdown-checker script is available as an add-on package from Core Update 129. It detects these vulnerabilities as well as any mitigations that have been deployed.

| Hardware | IPFire Enterprise Appliance | IPFire Business Appliance | IPFire Mini Appliance |
|---|---|---|---|
| Hardware Features | | | |
| Simultaneous Multi-Threading (SMT) | Yes 1) | Not Supported |
| Vulnerabilities | | | |
| Spectre v1 2) | ██ 3) | ██ | ██ 4) |
| Spectre v2 5) | ██ 6) | ██ | ██ 7) |
| Spectre v3/Meltdown 8) | ██ 9) | ██ | ██ |
| Spectre v3a 10) | ██ | ██ | ██ |
| Spectre v4 11) | ██ | ██ | ██ 12) |
| Foreshadow (SGX) 13) | ██ | ██ | ██ |
| Foreshadow-NG (OS) 14) | ██ 15) | ██ | ██ |
| Foreshadow-NG (VMM) 16) | ██ | ██ | ██ |
| MDS (RIDL/Fallout/ZombieLoad) | ██ 17) | ██ | ██ |

Legend

  • ██ Not Vulnerable
  • ██ Mitigated
  • ██ Vulnerable
  • ██ Unknown

1) disabled for mitigation
2) CVE-2017-5753, bounds check bypass
3), 4) user pointer sanitization
5) CVE-2017-5715, branch target injection
6), 7) Full generic retpoline
8) CVE-2017-5754, rogue data cache load
9) PTI
10) CVE-2018-3640, rogue system register read
11) CVE-2018-3639, speculative store bypass
12) Speculative Store Bypass disabled via prctl and seccomp
13) CVE-2018-3615, L1 terminal fault
14) CVE-2018-3620, L1 terminal fault
15) PTE Inversion
16) CVE-2018-3646, L1 terminal fault

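
The mitigation names in the footnotes (PTI, Full generic retpoline, PTE Inversion and so on) are status strings the Linux kernel reports under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not part of the original page or of IPFire: it maps those strings onto the four legend entries and flags any status in which the kernel reports that SMT is still exposed. The function names and the "[check SMT]" marker are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IPFire code): map Linux sysfs status strings to the legend.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities   # standard kernel interface

# classify STATUS: print the legend entry for one sysfs status string.
classify() {
    case "$1" in
        "Not affected"*) echo "Not Vulnerable" ;;
        "Mitigation:"*)  echo "Mitigated" ;;
        "Vulnerable"*)   echo "Vulnerable" ;;
        *)               echo "Unknown" ;;
    esac
}

# smt_exposed STATUS: succeed if the kernel says the mitigation does not cover
# sibling threads, e.g. "Mitigation: Clear CPU buffers; SMT vulnerable".
smt_exposed() {
    case "$1" in
        *"SMT vulnerable"*) return 0 ;;
        *)                  return 1 ;;
    esac
}

# report [DIR]: one line per vulnerability file: name, legend entry, raw status.
report() {
    dir=${1:-$VULN_DIR}
    if [ ! -d "$dir" ]; then
        echo "no vulnerability status files in $dir"
        return 0
    fi
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        status=$(cat "$f")
        note=""
        if smt_exposed "$status"; then note=" [check SMT]"; fi
        printf '%-18s %-15s %s%s\n' "$(basename "$f")" \
            "$(classify "$status")" "$status" "$note"
    done
}

# smt_state [FILE]: kernel SMT control value (on, off, forceoff, notsupported, ...)
smt_state() {
    f=${1:-/sys/devices/system/cpu/smt/control}
    if [ -r "$f" ]; then cat "$f"; else echo "unknown"; fi
}

report
echo "SMT control: $(smt_state)"
```

Kernels that predate a given vulnerability have no file for it, so a missing entry corresponds to "Unknown" in the legend rather than "Not Vulnerable".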
hardware/lightningwirelabs/vulnerabilities.txt · Last modified: 2019/05/22 09:51 by Michael Tremer