wiki.ipfire.org

The community-maintained documentation platform of IPFire


Vulnerabilities

In 2018, multiple hardware vulnerabilities in Intel processors were revealed. In some instances, other vendors were affected as well. This page lists which Lightning Wire Labs appliances are affected by which vulnerability.

All appliances ever sold with an Intel processor are capable of running IPFire in 64-bit mode. If you are running a 32-bit release, please upgrade.

The spectre-meltdown-checker script has been available as an add-on package since Core Update 129. It detects these vulnerabilities as well as any potentially deployed mitigations.

| Hardware | Spectre v1 1) | Spectre v2 2) | Spectre v3/Meltdown 3) | Spectre v3a 4) | Spectre v4 5) | Foreshadow (SGX) 6) | Foreshadow-NG (OS) 7) | Foreshadow-NG (VMM) 8) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| IPFire Enterprise Appliance | ██ 9) | ██ 10) | ██ 11) | ██ | ██ | ██ | ██ 12) | ██ |
| IPFire Mini Appliance | ██ 13) | ██ 14) | ██ | ██ | ██ 15) | ██ | ██ | ██ |

Legend

  • ██ Not Vulnerable
  • ██ Mitigated
  • ██ Vulnerable
  • ██ Unknown

1) CVE-2017-5753, bounds check bypass
2) CVE-2017-5715, branch target injection
3) CVE-2017-5754, rogue data cache load
4) CVE-2018-3640, rogue system register read
5) CVE-2018-3639, speculative store bypass
6) CVE-2018-3615, L1 terminal fault
7) CVE-2018-3620, L1 terminal fault
8) CVE-2018-3646, L1 terminal fault
9), 13) user pointer sanitization
10) Full generic retpoline
11) PTI
12) PTE Inversion
14) Full retpoline
15) Speculative Store Bypass disabled via prctl and seccomp
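
The mitigation names in the footnotes correspond to the status text the Linux kernel reports under /sys/devices/system/cpu/vulnerabilities. The following script is an added example, not part of the original page or of IPFire; it maps those status strings to the legend above. The function names and the sample directory are constructed for illustration, and the sample status lines are built from the footnote text.

```shell
#!/bin/sh
# Map kernel vulnerability status strings to this page's legend.
# Assumption: the running kernel exposes /sys/devices/system/cpu/vulnerabilities.

# classify STATUS -> prints one of the four legend terms
classify() {
    case "$1" in
        "Not affected"*) echo "Not Vulnerable" ;;
        "Mitigation:"*)  echo "Mitigated" ;;
        "Vulnerable"*)   echo "Vulnerable" ;;
        *)               echo "Unknown" ;;   # empty, unreadable or unrecognised text
    esac
}

# report [DIR] -> one line per status file: name, legend term, raw kernel text
report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir (kernel too old?): Unknown"
        return 1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f" 2>/dev/null) || status=""
        printf '%-20s %-15s %s\n' "$(basename "$f")" "$(classify "$status")" "$status"
    done
}

# demo: run report against a constructed sample directory so the script works
# offline. File names are the kernel's names for Spectre v1, Spectre v2,
# Meltdown, Spectre v4 and L1TF (Foreshadow-NG).
demo() {
    tmp=$(mktemp -d) || return 1
    echo "Mitigation: __user pointer sanitization" > "$tmp/spectre_v1"
    echo "Mitigation: Full generic retpoline" > "$tmp/spectre_v2"
    echo "Mitigation: PTI" > "$tmp/meltdown"
    echo "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" > "$tmp/spec_store_bypass"
    echo "Mitigation: PTE Inversion" > "$tmp/l1tf"
    report "$tmp"
    rm -rf "$tmp"
}

demo
```

On an appliance, calling `report` with no argument reads the live kernel status instead of the constructed sample.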
hardware/lightningwirelabs/vulnerabilities.txt · Last modified: 2019/03/13 17:51 by Michael Tremer