支援與服務

Spectre & Meltdown bug

What is Meltdown and Spectre issue

The issue is a new side-channel analysis method developed by external researchers that gathers information by observing the physical behavior of certain processing techniques that are common to modern computing platforms, when operating as designed. Malicious code using this method and running locally on a normally operating platform could infer data values from memory.

Will ASRock Rack release the FW for it?

ASRock Rack has been notified about an industry-wide potential security issue and is taking action to help our customers address their concerns.

Based on Intel and ASRock Rack current assessment of these exploits we believe that they do not have the potential to corrupt, modify or delete data.
ASRock Rack is working with Intel to design, test and deploy the appropriate mitigations as early as reasonably possible.
Firmware mitigations will be available and continue to roll out over the next few weeks.
For more information please refer to Intel public announcement website:
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

Where can I find OS hotfix for it:

Following is the hot fix for each OS.
P.S
Some Linux distributions have more than one update.
For example: CVE-2017-5753 and CVE-2017-5715 is for “Spectre”, CVE-2017-5754 is for “Meltdown”

Microsoft:
https://support.microsoft.com/sq-al/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

RedHat /CentOS 6 :
https://access.redhat.com/errata/RHSA-2018:0008

RedHat /CentOS 7:
https://access.redhat.com/errata/RHSA-2018:0007

Ubuntu:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

SUSE:
https://www.suse.com/security/cve/CVE-2017-5753
https://www.suse.com/security/cve/CVE-2017-5715
https://www.suse.com/security/cve/CVE-2017-5754

Debian:
https://security-tracker.debian.org/tracker/CVE-2017-5753
https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5754

Fedora:
https://fedoramagazine.org/protect-fedora-system-meltdown/

VMware:
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

Wind River:
https://www.windriver.com/announces/cve-2015-7547_notice/

If you are using priority Linux, and need to patch by yourself.

Linux patches info is in below website for variant 2 and 3.
https://meltdownattack.com/

P.S
Variant 1 (CVE-2017-5753/) Bounds Check Bypass unless you run 4.9 or later. It doesn't have an eBPF problem.
eBPF is fixed upstream already.