spectre/meltdown vulnerability - CVE-2018-3639

Started by newtwork_noob_2878237843, November 20, 2021, 08:57:46 PM

I just updated my CPU's microcode (Celeron 3855U) and I ran the spectre & meltdown checker afterwards. I get a warning about a vulnerability to CVE-2018-3639 as shown in the attached image. Does anyone know why the mitigation isn't turned on? Cheers

Side channel attacks are most relevant in a multi-tenant context, i.e. "cloud" servers used by multiple customers in parallel. A firewall with most processes running as root, anyway, and no user logins, is not considered a target.
You would need remote code execution first and then the system is pwned, anyway.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

November 20, 2021, 09:26:33 PM #2 Last Edit: November 20, 2021, 09:30:36 PM by newtwork_noob_2878237843
Thanks Patrick. So simply running a VPN does not expose you to the vulnerability? If there is any risk, do you know if there's a performance penalty to turning on the mitigation? If not, do you know how to turn it on?

There is a performance penalty. I don't see any risk, but some might disagree.
That's why the mitigation defaults to "off" - the developers seem to agree with me.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)