I just updated my CPU's microcode (Celeron 3855U) and I ran the spectre & meltdown checker afterwards. I get a warning about a vulnerability to CVE-2018-3639 as shown in the attached image. Does anyone know why the mitigation isn't turned on? Cheers
Side channel attacks are most relevant in a multi-tenant context, i.e. "cloud" servers used by multiple customers in parallel. A firewall with most processes running as root, anyway, and no user logins, is not considered a target.
You would need remote code execution first and then the system is pwned, anyway.
HTH,
Patrick
Thanks Patrick. So simply running a VPN does not expose you to the vulnerability? If there is any risk, do you know if there's a performance penalty to turning on the mitigation? If not, do you know how to turn it on?
There is a performance penalty. I don't see any risk, but some might disagree.
That's why the mitigation defaults to "off" - the developers seem to agree with me.
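For anyone who wants to verify the checker's warning against what the kernel itself reports, here is a small POSIX shell script added to this thread (it is not part of the spectre-meltdown-checker and not code from any poster). It classifies the kernel's own status string for CVE-2018-3639 (Speculative Store Bypass) and prints where the toggle lives. It assumes that on Linux the status is exposed at /sys/devices/system/cpu/vulnerabilities/spec_store_bypass and is switched with the boot parameter spec_store_bypass_disable=, and that on FreeBSD-based firewalls the sysctls hw.spec_store_bypass_disable (0 off, 1 on, 2 auto) and hw.spec_store_bypass_disable_active exist; the sample status strings at the bottom are constructed for demonstration.

```shell
#!/bin/sh
# Added example, not from the forum thread. Reads the kernel's report on
# CVE-2018-3639 (Speculative Store Bypass) and maps it to a short verdict.
# Assumed interfaces: Linux sysfs file below and the FreeBSD sysctls
# hw.spec_store_bypass_disable / hw.spec_store_bypass_disable_active.

LINUX_SSB_FILE=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# Map a Linux sysfs status line to: not_affected / mitigated / vulnerable / unknown
ssb_classify() {
    case "$1" in
        "Not affected")   echo not_affected ;;
        "Mitigation: "*)  echo mitigated ;;   # e.g. "... disabled via prctl"
        "Vulnerable"*)    echo vulnerable ;;
        *)                echo unknown ;;
    esac
}

# Map FreeBSD sysctl values to the same vocabulary.
# $1 = hw.spec_store_bypass_disable (0 off, 1 on, 2 auto)
# $2 = hw.spec_store_bypass_disable_active (1 when the CPU is actually using SSBD)
ssb_classify_freebsd() {
    if [ "$2" = "1" ]; then
        echo mitigated
    else
        echo not_active     # setting is off, or CPU/microcode offers no SSBD
    fi
}

# Look at the running system and print a verdict plus the relevant knob.
ssb_report() {
    if [ -r "$LINUX_SSB_FILE" ]; then
        status=$(cat "$LINUX_SSB_FILE")
        echo "linux: $(ssb_classify "$status") ($status)"
        echo "toggle: kernel boot parameter spec_store_bypass_disable=on|off|auto|prctl|seccomp"
    elif setting=$(sysctl -n hw.spec_store_bypass_disable 2>/dev/null); then
        active=$(sysctl -n hw.spec_store_bypass_disable_active 2>/dev/null)
        echo "freebsd: $(ssb_classify_freebsd "$setting" "$active") (setting=$setting active=$active)"
        echo "toggle: sysctl hw.spec_store_bypass_disable=1 (persist it in /etc/sysctl.conf)"
    else
        echo "no kernel SSB report found on this system"
    fi
}

# Constructed sample status strings, to show the classifier offline.
for sample in "Not affected" "Vulnerable" \
              "Mitigation: Speculative Store Bypass disabled via prctl"; do
    echo "sample '$sample' -> $(ssb_classify "$sample")"
done
ssb_report
```

On a box where the checker says "vulnerable" but the sysfs file or sysctl reports "mitigated", the checker is usually looking at a different layer (microcode capability versus kernel policy), so the kernel's own line is the one to trust when deciding whether to change the default.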