HP ProBook 470 G5
Linux

 

I just updated the firmware of my laptop with the latest HP Firmware Pack (Q85) 01.07.00 Rev.A.

In the changelog/fixes of this package, I read the following:

- Enhancement to address security vulnerabilities CVE-2018-12126, CVE-2018-12127, CVE-2018-12130.
- Enhancement to address security vulnerabilities CVE-2019-0086, CVE-2019-0091, CVE-2019-0092, CVE-2019-0093, CVE-2019-0094, CVE-2019-0096.

Does this mean this fixes the zombieload/MDS/SMT vulnerabilities? Do I have to disable Hyperthreading?

 

Accepted Solutions

For those interested in this topic and using Linux, I finally had to disable Hyperthreading at the BIOS level in order to be protected against Fallout and ZombieLoad. Of course performance is affected, but I prefer security over performance.

So for my laptop (ProBook 470 G5 with Intel(R) Core(TM) i7-8550U) running Linux, here are the actions that might mitigate these Intel processor vulnerabilities:

- Upgrade to latest BIOS
- Disable Hyperthreading in BIOS
- Upgrade OS kernel to 4.15.0-50
- Upgrade Intel microcode to 3.20190514.0ubuntu0.18.04.3

Having done this, I ran the famous checker https://github.com/speed47/spectre-meltdown-checker and all of the following vulnerabilities now appear to be mitigated:

- CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
- CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
- CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
- CVE-2018-3640 aka 'Variant 3a, rogue system register read'
- CVE-2018-3639 aka 'Variant 4, speculative store bypass'
- CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
- CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
- CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
- CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
- CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
- CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
- CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'

Other interesting resources:

- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS?_ga=2.135526641.131565527.1557856125-10709302...
- https://mdsattacks.com/
- https://www.phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact
- https://www.theregister.co.uk/2019/05/14/intel_hyper_threading_mitigations/


Regards
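
The result of the steps in the answer above can also be confirmed without the full checker, because kernels carrying the MDS patches report their state under `/sys/devices/system/cpu/vulnerabilities/mds`. The script below is an added example, not part of the original post; its function names and verdict labels are hypothetical, and the status strings are those listed in the kernel's MDS documentation.

```shell
#!/bin/sh
# Added example (not from the original post): read the kernel's own MDS verdict.
# Status strings are the ones listed in the kernel's hw-vuln/mds documentation;
# function names and verdict labels are hypothetical.

# Map one status line to a short verdict.
mds_verdict() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation: Clear CPU buffers"*)
            case "$1" in
                *"SMT vulnerable"*)         echo smt_exposed ;;  # sibling thread can still sample
                *"SMT Host state unknown"*) echo smt_unknown ;;  # guest cannot see host SMT
                *)                          echo mitigated ;;    # "SMT disabled" / "SMT mitigated"
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo no_microcode ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# Read status from a sysfs CPU directory (overridable for testing).
# Prints "<verdict> smt_control=<value>"; returns 0 only when fully covered.
check_mds() {
    root="${1:-/sys/devices/system/cpu}"
    if [ ! -r "$root/vulnerabilities/mds" ]; then
        echo "no_mds_report smt_control=unknown"   # kernel predates the MDS patches
        return 2
    fi
    verdict=$(mds_verdict "$(cat "$root/vulnerabilities/mds")")
    smt=unknown
    if [ -r "$root/smt/control" ]; then smt=$(cat "$root/smt/control"); fi
    echo "$verdict smt_control=$smt"
    [ "$verdict" = mitigated ] || [ "$verdict" = not_affected ]
}

# On a live system, report the current state (skipped where sysfs has no MDS entry).
if [ -r /sys/devices/system/cpu/vulnerabilities/mds ]; then
    check_mds || echo "MDS not fully mitigated on this machine"
fi
```

A `smt_exposed` verdict means the kernel and microcode mitigation is active but Hyperthreading is still on; `no_microcode` means the kernel update landed without the matching microcode.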

 

 

 


UP
