-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
- HP Community
- Notebooks
- Notebook Hardware and Upgrade Questions
- Zombieload and latest firmware pack fixes
Create an account on the HP Community to personalize your profile and ask a question
05-17-2019 06:11 PM - edited 05-17-2019 06:31 PM
I just updated the firmware of my laptop with the latest HP Firmware Pack (Q85) 01.07.00 Rev.A
In the changelog/fixes of this package, I read the following :
- Enhancement to address security vulnerabilities CVE-2018-12126, CVE-2018-12127, CVE-2018-12130. - Enhancement to address security vulnerabilities CVE-2019-0086, CVE-2019-0091, CVE-2019-0092, CVE-2019-0093, CVE-2019-0094, CVE-2019-0096.
Does this mean this fixes the zombieload/MDS/SMT vulnerabilities ? Do I have to disable Hyperthreading ?
Solved! Go to Solution.
Accepted Solutions
05-25-2019 11:42 AM - edited 05-25-2019 04:42 PM
For those interested in this topic and using Linux, I finally had to disable Hyperthreading at the BIOS level in order to be protected against Fallout and ZombieLoad. Of course performance are affected, but I prefer security over performance.
So for my laptop (Probook 470 G5 with Intel(R) Core(TM) i7-8550U) running Linux, here are the actions that might mitigate these intel processors vulnerabilities :
Upgrade to latest BIOS
Disable Hyperthreading in BIOS
Upgrade OS kernel to 4.15.0-50
Upgrade intel microde to 3.20190514.0ubuntu0.18.04.3
Having done this, I ran the famous checker https://github.com/speed47/spectre-meltdown-checker and all following vulnerabilities appear now to be mitigated :
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
Other interesting resources :
https://www.phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact
https://www.theregister.co.uk/2019/05/14/intel_hyper_threading_mitigations/
Regards
05-25-2019 11:42 AM - edited 05-25-2019 04:42 PM
For those interested in this topic and using Linux, I finally had to disable Hyperthreading at the BIOS level in order to be protected against Fallout and ZombieLoad. Of course performance are affected, but I prefer security over performance.
So for my laptop (Probook 470 G5 with Intel(R) Core(TM) i7-8550U) running Linux, here are the actions that might mitigate these intel processors vulnerabilities :
Upgrade to latest BIOS
Disable Hyperthreading in BIOS
Upgrade OS kernel to 4.15.0-50
Upgrade intel microde to 3.20190514.0ubuntu0.18.04.3
Having done this, I ran the famous checker https://github.com/speed47/spectre-meltdown-checker and all following vulnerabilities appear now to be mitigated :
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
Other interesting resources :
https://www.phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact
https://www.theregister.co.uk/2019/05/14/intel_hyper_threading_mitigations/
Regards
Didn't find what you were looking for? Ask the community