Microcode for "Special register buffer data sampling (CVE-2020-0543)"

meathill · 10 March 2022 18:59

Hi, i’m using an old notebook for ipfire, which has an Intel Core i7-3517U. I’m on the latest core update (164). Still the " Processor Vulnerability Mitigations" section tells me, that I’m vulnerable to the “Special register buffer data sampling (CVE-2020-0543)” vulnerability because there is no microcode.

Since this vulnerability already got a microcode migitation on other linux distros like Ubuntu i wonder whether it can or will ever be fixed on ipfire? Should i worry about this and buy new hardware?

Thank you very much for your help!

bonnietwin · 10 March 2022 20:23

Hi @meathill

Welcome to the IPFire community.

The intel-microcode package was updated to the latest version (20220207) in Core Update 164
In Core Update 163 the previous version (20210608) was running.

The fix for cve-2020-0543 was added in to the intel-microcode-20200609 package which was released in Core Update 148.

So the intel-microcode package is kept pretty up-to-date so I don’t understand why it is showing that you still have a vulnerability to it.

That really depends on the likelihood of any attacker being able to get local physical access to your IPFire system. To execute the vulnerability a person has to physically access the computer itself.

meathill · 10 March 2022 22:25

Thanks for your really quick reply! This is what i get, when i run the spectre-meltdown-checker in terminal:
CVE-2020-0543 aka ‘Special Register Buffer Data Sampling (SRBDS)’

Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
SRBDS mitigation control is supported by the kernel: YES (found SRBDS implem entation evidence in kernel image. Your kernel is up to date for SRBDS mitigatio n)
SRBDS mitigation control is enabled and active: NO

STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate th e vulnerability)

ms · 11 March 2022 10:07

It is quite likely that you have one of the processors that Intel does not release new microcode for any more.

Since this is a third generation processor, they probably are fine with you being vulnerable and encourage you to buy some new hardware this way.

What a company.

redneckmother · 11 March 2022 17:25

What a company.

Correction:
What? A company?

ms · 11 March 2022 18:12

Yes, that works too

meathill · 12 March 2022 22:10

Okay that’s sad. Still thank you for clearing that up!

neum · 21 December 2022 14:02

I just came across this thread. I just installed IPFire and also found the processor vulnerability. In my case it also says “Special Register Buffer Data Sampling (CVE-2020-0543)” vulnerable - No microcode. I wonder now if I have to or should take any action here? So I googled a little bit and found this page from Intel. The Intel N5105 is built-in in my hardware. But if I read the Intel table correctly, it says that the N5105 is not affected by “…CVE-2020-0543”, right? At least the table says “Not Affected”. I am absolutely no expert do I have to worry?