1

I use an older 32-bit Intel Pentium Computer which is not getting any microcode updates. Anyway the PC is working just fine and I want to protect it against spectre/meltdown vulnerabilities. Is there any Linux distribution providing patches? As I know from the Ubuntu wiki-page only Spectre Variant 1 is addressed by the Ubuntu team.

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
Bastian
  • 29
  • 1
  • 1
    Which Pentium, specifically? – Stephen Kitt May 15 '18 at 17:56
  • I do not know the model, but the computer was produced in the year 2008 and it is a dual core. – Bastian May 15 '18 at 17:58
  • 1
    Oh, OK, so it is indeed affected. – Stephen Kitt May 15 '18 at 17:58
  • 3
    Possible duplicate of [How to mitigate the Spectre and Meltdown vulnerabilities on Linux systems?](https://unix.stackexchange.com/questions/414786/how-to-mitigate-the-spectre-and-meltdown-vulnerabilities-on-linux-systems) – Jeff Schaller May 15 '18 at 18:08
  • 1
    Though it appears to be [still unresolved](http://www.theregister.co.uk/2018/05/09/spectre_ng_fix_delayed/) – Jeff Schaller May 15 '18 at 18:09
  • 2
    @Jeff that link is talking about Spectre NG, which are new vulnerabilities which aren’t fixed anywhere. The OP is referring to the vulnerabilities disclosed in January (Meltdown and Spectre variants 1 and 2). – Stephen Kitt May 15 '18 at 18:15

1 Answers1

2

On 32-bit x86, both Spectre variants are fixed, including in Ubuntu. Fixes for Meltdown are still being worked on; as far as I know, no distribution is shipping them, although I haven’t checked openSUSE (the patches are being developed by SUSE so they might show up there earlier).

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
  • As I can see from the ubuntu wiki page the spectre variant 2 is fixed using retpoline. For 64 bit versions also microcode updates are required which suggests me that retpoline only is not sufficient enough (Table "Kernel mitigations")? For the 32 bit there are no microcode unfortunately available. – Bastian May 15 '18 at 18:25
  • No, retpoline is sufficient, [for software rebuilt to use it](https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown/TechFAQ#Retpoline); currently that’s only the kernel, but that’s already sufficient to mitigate known attacks. Firefox has also been updated to address the issues there. – Stephen Kitt May 15 '18 at 18:32