Hi, i’m using an old notebook for ipfire, which has an Intel Core i7-3517U. I’m on the latest core update (164). Still the " Processor Vulnerability Mitigations" section tells me, that I’m vulnerable to the “Special register buffer data sampling (CVE-2020-0543)” vulnerability because there is no microcode.
Since this vulnerability already got a microcode migitation on other linux distros like Ubuntu i wonder whether it can or will ever be fixed on ipfire? Should i worry about this and buy new hardware?
The intel-microcode package was updated to the latest version (20220207) in Core Update 164
In Core Update 163 the previous version (20210608) was running.
The fix for cve-2020-0543 was added in to the intel-microcode-20200609 package which was released in Core Update 148.
So the intel-microcode package is kept pretty up-to-date so I don’t understand why it is showing that you still have a vulnerability to it.
That really depends on the likelihood of any attacker being able to get local physical access to your IPFire system. To execute the vulnerability a person has to physically access the computer itself.
Thanks for your really quick reply! This is what i get, when i run the spectre-meltdown-checker in terminal:
CVE-2020-0543 aka ‘Special Register Buffer Data Sampling (SRBDS)’
Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
SRBDS mitigation control is supported by the kernel: YES (found SRBDS implem entation evidence in kernel image. Your kernel is up to date for SRBDS mitigatio n)
SRBDS mitigation control is enabled and active: NO
STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate th e vulnerability)
I just came across this thread. I just installed IPFire and also found the processor vulnerability. In my case it also says “Special Register Buffer Data Sampling (CVE-2020-0543)” vulnerable - No microcode. I wonder now if I have to or should take any action here? So I googled a little bit and found this page from Intel. The Intel N5105 is built-in in my hardware. But if I read the Intel table correctly, it says that the N5105 is not affected by “…CVE-2020-0543”, right? At least the table says “Not Affected”. I am absolutely no expert do I have to worry?