Open cinderbdt opened 3 years ago
Intel replied to me in the forum Processors.
The official information about this topic is directly related to SA-00088:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html
You can find the "Affected products" section there; the Celeron N3160 is not listed, nor are any Braswell processors, so this processor is not affected by Spectre and Meltdown.
I'm trying to understand how this can be the case. I think that "is not affected" overstates the safety of using this processor. Am I reading the output of the checker correctly, that "KO" is indicating that there is a vulnerability for the processor? I recognize that my risk profile may be such that I don't need to worry about this vulnerability, but I'm still trying to understand what the checker is telling me. Thanks for any suggestion.
Possibly similar to #302 and #310, I get:
output
user@host:~$ sudo /usr/bin/spectre-meltdown-checker --version
Spectre and Meltdown mitigation detection tool v0.43
selective copypasta from output with --explain:
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
CVE-2018-3640:KO
system details
question
I read Intel SA-00115, which shows that, of the "Apollo Lake" Intel® Celeron® Processor N Series, only the N3350, N3450 are vulnerable and have a microcode update. I read Affected Processors: Transient Execution Attacks & Related Security Issues by CPU; the 06_4CH processor entry (corresponding to family 6, model 76 and the dmesg output, if I understand correctly) lists only the Atom processors as affected.
I checked ark.intel.com, and when I look at the full specs, I see that it is codename Braswell, which is part of "Cherry View", not "Apollo Lake".
According to Microcode Update Guidance, in the above file header, 00000411 is the microcode version, 04232019 is the date on which the IPU was created, and 000406c4 is the family/model/stepping in the format returned by the CPUID instruction.
Is this a false positive, or does this processor require a microcode update that is not available? Maybe it falls into the pit outlined by the security advisory? "A listing of microcode updates that have been production qualified can be found here and will be updated as necessary. It is expected that remaining microcode updates, currently in beta, will be production qualified in the coming weeks."
Thank you for any guidance.
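The field decoding the post describes, as an added example that is not part of the original issue or of the checker's code: it splits the CPUID signature into family, model and stepping using the CPUID leaf 1 EAX bit layout, and reads the header date as BCD digits in MMDDYYYY order. The function names are hypothetical; the input values are the ones quoted in the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical, inputs are the post's values.

# Split a CPUID leaf 1 EAX signature (hex digits, no 0x prefix) into display
# family, display model and stepping. Bit layout: stepping[3:0], model[7:4],
# family[11:8], extended model[19:16], extended family[27:20].
decode_cpuid_sig() {
    case $1 in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    sig=$((0x$1))
    stepping=$(( sig & 0xF ))
    model=$(( (sig >> 4) & 0xF ))
    family=$(( (sig >> 8) & 0xF ))
    ext_model=$(( (sig >> 16) & 0xF ))
    ext_family=$(( (sig >> 20) & 0xFF ))
    # The extended family is added only when the base family is 0xF.
    disp_family=$family
    if [ "$family" -eq 15 ]; then
        disp_family=$(( family + ext_family ))
    fi
    # The extended model forms the high nibble only for base family 6 or 0xF.
    disp_model=$model
    if [ "$family" -eq 6 ] || [ "$family" -eq 15 ]; then
        disp_model=$(( (ext_model << 4) + model ))
    fi
    # The last field is the DisplayFamily_DisplayModel notation, e.g. 06_4CH.
    printf 'family=%d model=%d stepping=%d id=%02X_%02XH\n' \
        "$disp_family" "$disp_model" "$stepping" "$disp_family" "$disp_model"
}

# Convert the microcode header date field (BCD, MMDDYYYY) to YYYY-MM-DD.
decode_ucode_date() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    if [ "${#1}" -ne 8 ]; then
        return 1
    fi
    mm=${1%??????}      # first two digits
    rest=${1#??}        # DDYYYY
    dd=${rest%????}
    yyyy=${rest#??}
    printf '%s-%s-%s\n' "$yyyy" "$mm" "$dd"
}

decode_cpuid_sig 000406c4     # signature field quoted in the post
decode_ucode_date 04232019    # date field quoted in the post
```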