March 25th, 2018 04:00
Meltdown and Spectre fixes not working on Precision Tower 3420
I have a hard time protecting a Dell Precision Tower 3420 against Meltdown and Spectre. This machine has the latest BIOS (2.7.3) and microcode (rev. 84h) updates applied:
```
~$ dmesg | egrep -e 'Precision Tower|microcode'
[ 0.000000] DMI: Dell Inc. Precision Tower 3420/02K9CR, BIOS 2.7.3 01/31/2018
[ 0.861885] microcode: sig=0x906e9, pf=0x2, revision=0x84
[ 0.862097] microcode: Microcode Update Driver: v2.2.
```
It runs the Ubuntu 16.04 LTS operating system provided by Dell with all patches and an up-to-date kernel.
The Spectre and Meltdown mitigation detection tool (v0.35) identifies the system as not vulnerable:
- CVE-2017-5753 (bounds check bypass) mitigated by means of the observable speculation barrier (OSB), Intel v6.
- CVE-2017-5715 (branch target injection) mitigated by means of the full generic retpoline plus indirect branch prediction barrier (IBPB), Intel v4.
- CVE-2017-5754 (rogue data cache load), also known as Meltdown, mitigated by means of a kernel supporting page table isolation (PTI).
However, a standard compilation of the Spectre Proof of Concept (PoC) disagrees. This Spectre PoC is stopped by software and firmware mitigations on other workstations and servers, but runs successfully on this Precision.
Do you have any advice to improve the status of this workstation with reference to Meltdown and Spectre?
Thanks!


_abednego
May 10th, 2018 09:00
Hi guys,
I am sorry for insisting on this issue but I feel it is really important. I do not care what my software says about the current level of protection against Meltdown and Spectre, nor about the microcode revision for the microprocessor; I only care about the real-world protection against these serious bugs.
Both the operating system (a fully-patched Dell-provided Ubuntu 16.04) and the Spectre and Meltdown mitigation detection tool say the computer is protected against three variants. Microcode is updated too; this Dell Precision Tower 3420 is now running the BIOS released in April. However, the fact is that a simple Spectre Proof of Concept is able to successfully read memory that should not be reachable.
The only reason I can think of for this behaviour is that I have chosen a processor without hyper-threading. To avoid side channel attacks I got a four-core i5 processor (i.e., the one that does not support hyper-threading) so it must perform better than a two-core processor plus hyper-threading, perhaps exposing a bug that has only been "mitigated." It is an Intel(R) Core(TM) i5-7600 CPU at 3.50 GHz.
Can someone with a similar configuration (a Precision Tower 3420 plus a four-core i5 processor) check if mitigation against Spectre and Meltdown works as expected?
We will be running into another eight Spectre-like bugs in the next weeks and my feeling is that the old Meltdown and Spectre bugs are not fixed yet!
Thanks in advance.