Many modern processors have implementation issues that allow unprivileged attackers to bypass user-kernel or inter-process memory access restrictions, by exploiting speculative execution and shared resources (caches).

Details of these flaws were announced publicly on 3 January 2018.

Links

Per-architecture status

| arch | microarch | CVE-2017-5753 (Variant 1, Spectre) | CVE-2017-5715 (Variant 2, Spectre) | CVE-2017-5754 (Variant 3, Meltdown) |
|---|---|---|---|---|
| amd64 | AMD | Vulnerable | Vulnerable | Not vulnerable |
| amd64 | Intel | Vulnerable | Vulnerable | Mitigation [1] |
| amd64 | Via | | | |
| i386 | | | | |
| arm64 | Cavium ThunderX | Not vulnerable | Not vulnerable | Not vulnerable |
| arm64 | Cavium ThunderX2 * | Vulnerable | Vulnerable | Not vulnerable |
| arm64 | Cortex A53, A55 | Not vulnerable | Not vulnerable | Not vulnerable |
| arm64 | Cortex A57 | Vulnerable | Mitigation [2] | Not vulnerable |
| arm64 | Cortex A72 | Vulnerable | Mitigation [2] | Not vulnerable |
| arm64 | Cortex A73 | Vulnerable | Mitigation [2] | Not vulnerable |
| arm64 | Cortex A75 | Vulnerable | Mitigation [2] | Vulnerable (3a) |
| armv7 | Cortex A5, A7 | Not vulnerable | Not vulnerable | Not vulnerable |
| armv7 | Cortex A8, A9, A15, A17 | Vulnerable | Vulnerable | Not vulnerable |
| armv4,5,6 | | Not vulnerable | Not vulnerable | Not vulnerable |
| mips | MIPS P5600 | Vulnerable | Vulnerable | Not vulnerable |
| mips | MIPS P6600 | Vulnerable | Vulnerable | Not vulnerable |
| mips | MIPS Other | Not vulnerable | Not vulnerable | Not vulnerable |
| sparc64 | | | | |
| powerpc64 | POWER7, POWER8, POWER9 | | | |

Rows with a single status and no per-variant breakdown:

| arch | microarch | Status |
|---|---|---|
| arm64 | Qualcomm Falkor * | Vulnerable |
| powerpc64 | POWER6 | Not vulnerable |

* These CPUs are not yet supported by FreeBSD

NOTE: Empty cells and unlisted architectures either have an unknown status, or will be added to the table shortly.

This table represents the most up-to-date information we have, but as the understanding of these vulnerabilities is changing rapidly, certain details may be out of date or incorrect.

Mitigation Patch Tracking

| # | Description | Review | Commit: HEAD | Commit: stable/11 | Commit: stable/10 |
|---|---|---|---|---|---|
| 1 | amd64 PTI (Meltdown) | D13797 | r328083 | | |
| 2 | arm64 Spectre variant 2 | D13812 | r327876 | | |
| 3 | amd64 bhyve partial Spectre variant 2 | D13919 | r328011 | | |
| 4 | armv7 Spectre variant 2 | D13931 | | | |
| 5 | amd64 PTI-PCID integration | D13985 | | | |
| 6 | amd64 PTI default setting | D13971 | r328166 | | |

NOTE: Descriptions above indicate patch applicability (e.g. arch and variant), but a listed patch is not necessarily the complete or final mitigation for the issue.

SpeculativeExecutionVulnerabilities (last edited 2018-01-22 23:35:16 by JohnBaldwin)