Topic: spectre/meltdown vulnerability - CVE-2018-3639 (Read 1661 times)
newtwork_noob_2878237843
Newbie
Posts: 10
Karma: 0
spectre/meltdown vulnerability - CVE-2018-3639
« on: November 20, 2021, 08:57:46 pm »
I just updated my CPU's microcode (Celeron 3855U) and I ran the spectre & meltdown checker afterwards. I get a warning about a vulnerability to CVE-2018-3639 as shown in the attached image. Does anyone know why the mitigation isn't turned on? Cheers
Patrick M. Hausen
Hero Member
Posts: 6748
Karma: 568
Re: spectre/meltdown vulnerability - CVE-2018-3639
« Reply #1 on: November 20, 2021, 09:08:44 pm »
Side channel attacks are most relevant in a multi-tenant context, i.e. "cloud" servers used by multiple customers in parallel. A firewall with most processes running as root, anyway, and no user logins, is not considered a target.
You would need remote code execution first and then the system is pwned, anyway.
HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
newtwork_noob_2878237843
Newbie
Posts: 10
Karma: 0
Re: spectre/meltdown vulnerability - CVE-2018-3639
« Reply #2 on: November 20, 2021, 09:26:33 pm »
Thanks Patrick. So simply running a VPN does not expose you to the vulnerability? If there is any risk, do you know if there's a performance penalty to turning on the mitigation? If not, do you know how to turn it on?
« Last Edit: November 20, 2021, 09:30:36 pm by newtwork_noob_2878237843 »
Patrick M. Hausen
Hero Member
Posts: 6748
Karma: 568
Re: spectre/meltdown vulnerability - CVE-2018-3639
« Reply #3 on: November 20, 2021, 10:22:13 pm »
There is a performance penalty. I don't see any risk, but some might disagree.
That's why the mitigation defaults to "off" - the developers seem to agree with me.