Unsolved
This post is more than 5 years old
2 Posts
0
888
390, BIOS A14 does not mitigate CVE-2018-3639
The release notes for BIOS A14 state "- Updated CPU microcode to address security advisory Intel Security Advisory INTEL-SA-00115 (CVE-2018-3639 & CVE-2018-3640)" however upon installation of the update, the Get-SpeculationControlSettings utility states that the hardware does not support Speculative Store Bypass Disable. I see no means to report BIOS issues or request further details so I'm posting this here.
This is the relevant section after applying A14 to an OptiPlex 390:
Speculation control settings for CVE-2018-3639 [speculative store bypass]
Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: False
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False
rbanke
2 Posts
0
August 31st, 2018 12:00
On 8/29 the BIOS update description was edited to "- Update to the latest CPU microcode to address CVE-2017-5715." It seems it was not intended to patch CVE-2018-3639 after all.