1: [[!meta title="Meltdown and Spectre Status Page"]]
2:
3: Status of the Fixes
4: -------------------
5:
6: NetBSD-6 and all earlier releases have no planned fixes.
7:
8: ## Spectre Variant 1
9:
10: [[!table data="""
11: Port |Vendor/Model |Spectre (V1) |NetBSD-7 |NetBSD-8 |NetBSD-current
12: amd64 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
13: amd64 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
14: amd64 |VIA |Unknown | | |
15: i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
16: i386 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
17: i386 |VIA |Unknown | | |
18: mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
19: mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
20: mips |Other Models |Not vulnerable | | |
21: ia64 |Intel |Not vulnerable | | |
22: riscv |(Spec.) |Not vulnerable | | |
23: """]]
24:
25: ## Spectre Variant 2
26:
27: [[!table data="""
28: Port |Vendor/Model |Spectre (V2) |NetBSD-7 |NetBSD-8 |NetBSD-current
29: amd64 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigB] [MitigD]
30: amd64 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC] [MitigD]
31: amd64 |VIA |Unknown | | |
32: i386 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigD]
33: i386 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC] [MitigD]
34: i386 |VIA |Unknown | | |
35: mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
36: mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
37: mips |Other Models |Not vulnerable | | |
38: ia64 |Intel |Not vulnerable | | |
39: riscv |(Spec.) |Not vulnerable | | |
40: """]]
41:
42: ## Meltdown
43:
44: [[!table data="""
45: Port |Vendor/Model |Meltdown (V3) |NetBSD-7 |NetBSD-8 |NetBSD-current
46: amd64 |Intel |Vulnerable |Not fixed |Fixed [MitigA] |Fixed [MitigA]
47: amd64 |AMD |Not vulnerable | | |
48: amd64 |VIA |Unknown | | |
49: i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
50: i386 |AMD |Not vulnerable | | |
51: i386 |VIA |Unknown | | |
52: mips |MIPS P5600 |Not vulnerable | | |
53: mips |MIPS P6600 |Not vulnerable | | |
54: mips |Other Models |Not vulnerable | | |
55: ia64 |Intel |Not vulnerable | | |
56: riscv |(Spec.) |Not vulnerable | | |
57: """]]
58:
59: ## Mitigations
60:
61: ### Mitigation A: SVS
62:
63: Meltdown is mitigated with the SVS feature. It can be dynamically disabled
64: by changing the "machdep.svs.enabled" sysctl.
65:
66: ### Mitigation B: Intel IBRS
67:
68: SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
69: the CPU supports this method, it is used automatically. It can be
70: dynamically disabled by changing the "machdep.spectre_v2.mitigated"
71: sysctl.
72:
73: ### Mitigation C: AMD DIS_IND
74:
75: SpectreV2 can be mitigated with the DIS_IND method, available only on a
76: few AMD families. If the CPU supports this method, it is used
77: automatically. It can be dynamically disabled by changing the
78: "machdep.spectre_v2.mitigated" sysctl.
79:
80: ### Mitigation D: Retpoline
81:
82: SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation
83: flag, which is enabled by default in GENERIC.
84:
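A check for the sysctl knobs named under Mitigations A, B and C, added here as an example; it is not part of the NetBSD page or source tree. The function names, the on/off/absent labels and the assumption that both nodes print as `name = 0` or `name = 1` belong to the example. Retpoline (Mitigation D) is a compilation flag with no knob listed above, so it is not covered.

```shell
#!/bin/sh
# Added example, not NetBSD code. Reads `sysctl` output ("name = value",
# one node per line) on stdin and reports the knobs named on this page.
# Assumption: both nodes print as 0 or 1.

# Constructed sample input, used only by the demo call at the bottom.
SAMPLE='machdep.svs.enabled = 1
machdep.spectre_v2.mitigated = 0'

# knob_state NAME: look NAME up in $SYSCTL_OUT and print on/off/absent.
knob_state() {
    val=$(printf '%s\n' "$SYSCTL_OUT" |
        awk -F' = ' -v k="$1" '$1 == k { print $2; exit }')
    case "$val" in
        1)  echo on ;;
        0)  echo off ;;
        '') echo absent ;;   # node not in the input: kernel does not expose it
        *)  echo "unexpected($val)" ;;
    esac
}

# audit_mitigations: print one line per knob; return 1 if any knob that the
# kernel exposes reads 0, so the function can gate a compliance check.
audit_mitigations() {
    SYSCTL_OUT=$(cat)
    rc=0
    for knob in machdep.svs.enabled machdep.spectre_v2.mitigated; do
        state=$(knob_state "$knob")
        echo "$knob: $state"
        if [ "$state" = off ]; then rc=1; fi
    done
    return "$rc"
}

# Demo on the constructed sample. On a live system, feed it instead:
#   sysctl machdep.svs.enabled machdep.spectre_v2.mitigated 2>/dev/null
printf '%s\n' "$SAMPLE" | audit_mitigations ||
    echo "at least one mitigation knob reads 0"
```

A reading of 0 for `machdep.spectre_v2.mitigated` does not by itself say whether the mitigation was switched off or was never activated; the page states only that the method is used automatically when the CPU supports it.
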
85: ## External Resources
86:
87: * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
88: * [ARM Security Update](https://developer.arm.com/support/security-update)
89: * [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
90:
91: ## Notes
92:
93: * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
94: