cancel
Showing results for 
Search instead for 
Did you mean: 
The HP Calculator Community Message Board is moving. While we prepare for the move, we are unable to accept new postings. During the move, you can look for help from other users by visiting https://www.hpmuseum.org/ . Or if you need technical support for your calculator visit: HP Calculators. .
XFR
Level 1
5 3 1 0
Message 1 of 3
562
Flag Post

Solved!

Zombieload and latest firmware pack fixes

HP Recommended
HP ProBook 470 G5
Linux

 

I just updated the firmware of my laptop with the latest HP Firmware Pack (Q85) 01.07.00 Rev.A

 

In the changelog/fixes of this package, I read the following :

 

- Enhancement to address security vulnerabilities CVE-2018-12126, CVE-2018-12127, CVE-2018-12130.
- Enhancement to address security vulnerabilities CVE-2019-0086, CVE-2019-0091, CVE-2019-0092, CVE-2019-0093, CVE-2019-0094, CVE-2019-0096. 

Does this mean this fixes the zombieload/MDS/SMT vulnerabilities ? Do I have to disable Hyperthreading ?

 

1 ACCEPTED SOLUTION

Accepted Solutions
XFR
Author
Level 1
5 3 1 0
Message 3 of 3
Flag Post
HP Recommended

For those interested in this topic and using Linux, I finally had to disable Hyperthreading at the BIOS level in order to be protected against Fallout and ZombieLoad. Of course performance are affected, but I prefer security over performance.

 

So for my laptop (Probook 470 G5 with Intel(R) Core(TM) i7-8550U) running Linux, here are the actions that might mitigate these intel processors vulnerabilities :

Upgrade to latest BIOS

Disable Hyperthreading in BIOS

Upgrade OS kernel to 4.15.0-50

Upgrade intel microde to 3.20190514.0ubuntu0.18.04.3

 

Having done this, I ran the famous checker https://github.com/speed47/spectre-meltdown-checker and all following vulnerabilities appear now to be mitigated :

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'

CVE-2018-3640 aka 'Variant 3a, rogue system register read'

CVE-2018-3639 aka 'Variant 4, speculative store bypass'

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'

 

Other interesting resources :

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS?_ga=2.135526641.131565527.1557856125-10709302...

https://mdsattacks.com/

https://www.phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact

https://www.theregister.co.uk/2019/05/14/intel_hyper_threading_mitigations/

 

Regards

 

 

 

View solution in original post

Was this reply helpful? Yes No
2 REPLIES 2
XFR
Author
Level 1
5 3 1 0
Message 2 of 3
Flag Post
HP Recommended

UP

Was this reply helpful? Yes No
XFR
Author
Level 1
5 3 1 0
Message 3 of 3
Flag Post
HP Recommended

For those interested in this topic and using Linux, I finally had to disable Hyperthreading at the BIOS level in order to be protected against Fallout and ZombieLoad. Of course performance are affected, but I prefer security over performance.

 

So for my laptop (Probook 470 G5 with Intel(R) Core(TM) i7-8550U) running Linux, here are the actions that might mitigate these intel processors vulnerabilities :

Upgrade to latest BIOS

Disable Hyperthreading in BIOS

Upgrade OS kernel to 4.15.0-50

Upgrade intel microde to 3.20190514.0ubuntu0.18.04.3

 

Having done this, I ran the famous checker https://github.com/speed47/spectre-meltdown-checker and all following vulnerabilities appear now to be mitigated :

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'

CVE-2018-3640 aka 'Variant 3a, rogue system register read'

CVE-2018-3639 aka 'Variant 4, speculative store bypass'

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'

 

Other interesting resources :

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS?_ga=2.135526641.131565527.1557856125-10709302...

https://mdsattacks.com/

https://www.phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact

https://www.theregister.co.uk/2019/05/14/intel_hyper_threading_mitigations/

 

Regards

 

 

 

View solution in original post

Was this reply helpful? Yes No
Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation