Annotation of wikisrc/security/meltdown_spectre.mdwn, revision 1.20
1.6 maxv 1: [[!meta title="Meltdown and Spectre Status Page"]]
1.1 maxv 2:
3: Status of the Fixes
4: -------------------
5:
1.18 maxv 6: NetBSD-6 and all earlier releases have no planned fixes.
7:
1.7 maxv 8: ## Spectre Variant 1
9:
1.1 maxv 10: [[!table data="""
1.18 maxv 11: Port |Vendor/Model |Spectre (V1) |NetBSD-7 |NetBSD-8 |NetBSD-current
12: amd64 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
13: amd64 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
14: amd64 |VIA |Unknown | | |
15: i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
16: i386 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
17: i386 |VIA |Unknown | | |
18: mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
19: mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
20: mips |Other Models |Not vulnerable | | |
21: ia64 |Intel |Not vulnerable | | |
22: riscv |(Spec.) |Not vulnerable | | |
1.1 maxv 23: """]]
24:
1.7 maxv 25: ## Spectre Variant 2
26:
1.1 maxv 27: [[!table data="""
1.18 maxv 28: Port |Vendor/Model |Spectre (V2) |NetBSD-7 |NetBSD-8 |NetBSD-current
1.19 maxv 29: amd64 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigB]
30: amd64 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC]
1.18 maxv 31: amd64 |VIA |Unknown | | |
32: i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
33: i386 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
34: i386 |VIA |Unknown | | |
35: mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
36: mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
37: mips |Other Models |Not vulnerable | | |
38: ia64 |Intel |Not vulnerable | | |
39: riscv |(Spec.) |Not vulnerable | | |
1.1 maxv 40: """]]
41:
1.7 maxv 42: ## Meltdown
43:
1.1 maxv 44: [[!table data="""
1.18 maxv 45: Port |Vendor/Model |Meltdown (V3) |NetBSD-7 |NetBSD-8 |NetBSD-current
1.20 ! maxv 46: amd64 |Intel |Vulnerable |Not fixed |Fixed [MitigA] |Fixed [MitigA]
1.18 maxv 47: amd64 |AMD |Not vulnerable | | |
48: amd64 |VIA |Unknown | | |
49: i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
50: i386 |AMD |Not vulnerable | | |
51: i386 |VIA |Unknown | | |
52: mips |MIPS P5600 |Not vulnerable | | |
53: mips |MIPS P6600 |Not vulnerable | | |
54: mips |Other Models |Not vulnerable | | |
55: ia64 |Intel |Not vulnerable | | |
56: riscv |(Spec.) |Not vulnerable | | |
1.1 maxv 57: """]]
58:
1.16 maxv 59: ## Mitigations
60:
61: ### Mitigation A: SVS
62:
63: Meltdown is mitigated with the SVS feature. It can be dynamically disabled
64: by changing the "machdep.svs.enabled" sysctl.
65:
1.19 maxv 66: ### Mitigation B: Intel IBRS
67:
68: SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
69: the CPU supports this method, it is used automatically. It can be
70: dynamically disabled by changing the "machdep.spectre_v2.mitigated"
71: sysctl.
72:
73: ### Mitigation C: AMD DIS_IND
74:
75: SpectreV2 can be mitigated with the DIS_IND method, available only on a
76: few AMD families. If the CPU supports this method, it is used
77: automatically. It can be dynamically disabled by changing the
78: "machdep.spectre_v2.mitigated" sysctl.
79:
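An added example, not part of the NetBSD wiki page or the NetBSD source: a small POSIX shell audit that classifies the two sysctl nodes named in the Mitigations section. It assumes `sysctl` prints lines of the form `name = value` and that 1 means the mitigation is active and 0 means it was switched off; `node_state`, `audit_mitigations` and the sample input are hypothetical names and constructed data.

```sh
#!/bin/sh
# node_state NODE: read sysctl output on stdin and print one of
# enabled | disabled | unparsed | absent for the requested node.
node_state() {
    awk -v node="$1" '
        {
            eq = index($0, "=")            # split on the first "=" only
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name != node) next
            seen = 1
            if (val == "1") state = "enabled"        # assumed: 1 = active
            else if (val == "0") state = "disabled"  # assumed: 0 = turned off
            else state = "unparsed"
        }
        END { print (seen ? state : "absent") }
    '
}

# audit_mitigations: read sysctl output on stdin, print one line per node.
# Returns 0 only if both nodes read as enabled. Any other result has to be
# read against the status tables (a node can be absent on a kernel without
# the fix, or a mitigation can be off on a CPU that is not vulnerable).
audit_mitigations() {
    input=$(cat)
    rc=0
    for node in machdep.svs.enabled machdep.spectre_v2.mitigated; do
        state=$(printf '%s\n' "$input" | node_state "$node")
        printf '%s: %s\n' "$node" "$state"
        [ "$state" = enabled ] || rc=1
    done
    return $rc
}

# Constructed sample input, not captured from a real machine.
SAMPLE='machdep.svs.enabled = 1
machdep.spectre_v2.mitigated = 0'

# On a NetBSD host the input would come from: sysctl machdep | audit_mitigations
printf '%s\n' "$SAMPLE" | audit_mitigations || echo "review against the status tables"
```
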
1.10 maxv 80: ## External Resources
81:
1.11 maxv 82: * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
1.12 maxv 83: * [ARM Security Update](https://developer.arm.com/support/security-update)
1.15 maxv 84: * [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
1.10 maxv 85:
1.13 maxv 86: ## Notes
87:
88: * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
89: * For Spectre Variant 2, neither Intel nor AMD has issued a stable microcode update.
90: