OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: Siarap on February 13, 2025, 08:09:21 PM

Title: Do I need to worry about these vulnerabilities?
Post by: Siarap on February 13, 2025, 08:09:21 PM
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.1.1 (amd64) at Thu Feb 13 20:04:31 CET 2025
vulnxml file up-to-date
cpu-microcode-intel-20241112 is vulnerable:
  Intel CPUs -- multiple vulnerabilities
  CVE: CVE-2024-37020
  CVE: CVE-2024-39355
  CVE: CVE-2023-43758
  CVE: CVE-2024-36293
  CVE: CVE-2024-31068
  WWW: https://vuxml.FreeBSD.org/freebsd/d598266d-7772-4a31-9594-83b76b1fb837.html

1 problem(s) in 1 installed package(s) found.
***DONE***

I'm running OPNsense on an HP EliteDesk 800 G2 SFF (Intel i5-6500). BIOS updates are no longer supported; the product is outdated. What can I do about these vulnerabilities?
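The audit text in the post above is the plain output of `pkg audit` on OPNsense/FreeBSD. The script below is an added example (not from the thread or the OPNsense project) that parses that format into one tab-separated line per CVE (package, CVE, advisory title, VuXML URL), counts the CVEs, and checks whether a given CVE ID is present, so the result can be fed to a ticketing or monitoring script instead of being read by eye. The sample input is a copy of the output shown in the post; on a real box you would replace it with `pkg audit -F`. Only POSIX sh and awk are needed.

```shell
#!/bin/sh
# Added example: turn `pkg audit` text into machine-readable lines.
# The sample below is the audit output quoted in the first post; it is
# embedded here so the script runs offline. On OPNsense, use instead:
#   pkg audit -F | audit_to_tsv
SAMPLE_AUDIT='***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.1.1 (amd64) at Thu Feb 13 20:04:31 CET 2025
vulnxml file up-to-date
cpu-microcode-intel-20241112 is vulnerable:
  Intel CPUs -- multiple vulnerabilities
  CVE: CVE-2024-37020
  CVE: CVE-2024-39355
  CVE: CVE-2023-43758
  CVE: CVE-2024-36293
  CVE: CVE-2024-31068
  WWW: https://vuxml.FreeBSD.org/freebsd/d598266d-7772-4a31-9594-83b76b1fb837.html

1 problem(s) in 1 installed package(s) found.
***DONE***'

# audit_to_tsv: read `pkg audit` output on stdin, write
# "package<TAB>CVE<TAB>title<TAB>url" per CVE, in input order.
audit_to_tsv() {
    awk '
        # "<pkg> is vulnerable:" opens a new package block; the next
        # indented line is the advisory title.
        / is vulnerable:$/ { pkg = $1; order[++n] = pkg; want_title = 1; next }
        want_title          { sub(/^[[:space:]]+/, ""); title[pkg] = $0; want_title = 0; next }
        /^[[:space:]]*CVE:/ { cves[pkg] = cves[pkg] " " $2; next }
        /^[[:space:]]*WWW:/ { url[pkg] = $2; next }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                # split on blanks: leading blank from the concatenation is ignored
                m = split(cves[p], c, " ")
                for (j = 1; j <= m; j++)
                    printf "%s\t%s\t%s\t%s\n", p, c[j], title[p], url[p]
            }
        }
    '
}

# audit_cve_count: number of CVE entries in the audit output on stdin.
audit_cve_count() {
    audit_to_tsv | awk 'END { print NR }'
}

# audit_has_cve CVE-ID: exit 0 if the CVE appears in the audit on stdin.
audit_has_cve() {
    audit_to_tsv | awk -v id="$1" '$2 == id { found = 1 } END { exit !found }'
}

# Stand-alone run: print the parsed table and the count for the sample.
printf '%s\n' "$SAMPLE_AUDIT" | audit_to_tsv
printf 'CVEs reported: %s\n' "$(printf '%s\n' "$SAMPLE_AUDIT" | audit_cve_count)"
```

A cron job can pipe `pkg audit -F` through `audit_has_cve` for the IDs you are tracking and alert only when one of them is still listed after the next firmware package update, which is the practical question in this thread.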
Title: Re: Do I need to worry about these vulnerabilities?
Post by: newsense on February 13, 2025, 08:40:42 PM
The patches weren't available in FreeBSD before 25.1.1 was released. They would be part of 25.1.2 most likely.

Whether you have any of the affected CPUs is another story, but I wouldn't worry too much about it if running on bare metal; everything should be fine until you get the new microcode.
Title: Re: Do I need to worry about these vulnerabilities?
Post by: meyergru on February 13, 2025, 10:05:58 PM
AFAICT, those vulnerabilities are present only in newer Intel generations, at least the fixes are only available for these generations:

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211

Usually, there are no vulnerabilities that can be exploited from outside. OpnSense, being an appliance, is not used by any users that could easily exploit such vulnerabilities.

Otherwise, the new microcode is really fresh (2 days old), even FreeBSD has only released a port, but no binary packages. Nevertheless, I have opened an issue for OpnSense (https://github.com/opnsense/ports/issues/219). I would expect that an update for the package will be available in due time. That being said, it would not apply to your specific CPU.