Meltdown and Spectre vulnerabilities


1. Summary

The Meltdown and Spectre vulnerabilities stem from the way processors handle operating system and application instructions. This is why they affect virtually all processor architectures (Intel, AMD, ARM) and are not tied to a specific OS (Windows, Mac, Linux). This is a serious issue because it has implications for the entire EPFL IT ecosystem.

Meltdown (CVE-2017-5754)

This vulnerability impacts every Intel processor, except Itanium and Atom (before 2013).

Spectre (CVE-2017-5715 / CVE-2017-5753)

These vulnerabilities impact Intel, AMD and ARM architectures. (More to come soon).

2. Issues

The hardware and software patches published in January and February 2018, notably for Windows (Intel and AMD), caused system instability. Most of the issues are now resolved and we recommend installing all available software fixes.

The Spectre variant 2 vulnerability is only partly mitigated by a software patch and must also be addressed with a hardware one (firmware). Because a chipset update can be harmful to hardware integrity, we recommend carefully following the instructions provided by chipset manufacturers and software vendors.

3. Software patches availability

The table below offers a synoptic view:

4. Post installation auditing

4.1 Windows

A vulnerability check tool can be found here. A more complex PowerShell script issued by Microsoft is here (detailed configuration and output analysis here).

4.2 Apple macOS

No tool known. Apple's article concerning Meltdown/Spectre here.

4.3 UNIX/Linux

Verification script here.
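
A minimal post-installation check for Linux, given as an added example (it is not the verification script linked above): kernels that carry the fixes publish their own mitigation status under /sys/devices/system/cpu/vulnerabilities, and the script below classifies the entries for the three CVEs listed in the summary. The function names and the sample status strings are constructed for this illustration.

```shell
#!/bin/sh
# Added example: classify the kernel's mitigation report for Meltdown/Spectre.
# The sysfs directory is provided by Linux kernels that include the fixes;
# on older kernels the files are simply missing.
SYSFS_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one status line to: ok | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# Print one line per CVE; return the number of entries that are not "ok".
audit_dir() {
    dir=${1:-$SYSFS_DIR}
    bad=0
    for entry in "meltdown CVE-2017-5754" "spectre_v1 CVE-2017-5753" "spectre_v2 CVE-2017-5715"; do
        name=${entry%% *}
        cve=${entry#* }
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
        else
            status="(no report from this kernel)"
        fi
        verdict=$(classify_status "$status")
        [ "$verdict" = ok ] || bad=$((bad + 1))
        printf '%-10s %-14s %-10s %s\n' "$name" "$cve" "$verdict" "$status"
    done
    return "$bad"
}

# Constructed sample: Meltdown and Spectre v1 mitigated, Spectre v2 not.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample)
audit_dir "$sample" || echo "$? entry(ies) need attention"
rm -rf "$sample"
```

On a real host, call `audit_dir` with no argument to read the kernel's own report; an "unknown" verdict usually means the running kernel is too old to expose these files.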

5. Firmware patches availability

Given the diversity of manufacturers, the complexity of the procedures and the inherent risks of updating firmware, we cannot provide step-by-step guides. Below are links to the major manufacturers whose machines are present in large numbers on campus.

Intel documentation for all manufacturers here.