Last week Intel announced a new group of speculative execution vulnerabilities in its processors, related to the well-known Spectre and Meltdown vulnerabilities from over a year ago. Intel has labeled these new attacks the MDS (Microarchitectural Data Sampling) vulnerabilities, but in the age of branded vulnerabilities they have also been given more exciting names like Zombieload. An attacker who successfully exploits these vulnerabilities has the potential to extract sensitive information, including encryption keys, from the target machine.
Because this is a vulnerability in the Intel CPU hardware itself, as with Spectre and Meltdown, the patch for these vulnerabilities comes in two forms:
PureOS users are advised to update their system packages using their normal software update process, which will pull down the latest 4.19.37-3 kernel package.
Purism includes CPU microcode updates as part of our coreboot firmware, so laptops shipping out starting this week will already be patched for these vulnerabilities. Existing laptop users will need to update their coreboot firmware to the latest version. Just follow our documentation on using our coreboot update script. Microcode updates have been added to the default coreboot SeaBIOS firmware starting with version 4.9-Purism-1 and to our beta PureBoot firmware starting with version heads-beta-6. In addition to using our update script, you can access the changelog for our pre-built binary firmware images directly at our firmware releases project page.
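To confirm that both halves of the fix (kernel and microcode) are in place after updating, you can read the MDS status line that patched Linux kernels expose in sysfs. The script below is an added example, not Purism's code; the sysfs path and status strings come from the upstream Linux kernel rather than from this post, and the verdict words it prints are hypothetical names.

```shell
#!/bin/sh
# Added example. Status strings follow the upstream Linux kernel's format for
# this sysfs file; the verdict words printed below are hypothetical names.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds_status STATUS: map the kernel's status line to one verdict.
classify_mds_status() {
    case "$1" in
        "Not affected"*)                  echo not-affected ;;
        "Mitigation: Clear CPU buffers"*) echo patched ;;
        # Kernel mitigation is active but the CPU lacks the new microcode.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                          echo needs-microcode ;;
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# smt_state STATUS: report the hyper-threading suffix of the status line.
smt_state() {
    case "$1" in
        *"SMT vulnerable"*) echo smt-vulnerable ;;
        *"SMT mitigated"*)  echo smt-mitigated ;;
        *"SMT disabled"*)   echo smt-disabled ;;
        *)                  echo smt-unknown ;;
    esac
}

# check_mds [FILE]: verdict for a status file (default: the live sysfs entry).
check_mds() {
    file=${1:-$MDS_SYSFS}
    if [ ! -r "$file" ]; then
        # The file is added by the MDS kernel patches; absent usually means
        # the running kernel has not been updated.
        echo needs-kernel
        return 0
    fi
    status=$(cat "$file")
    echo "$(classify_mds_status "$status") $(smt_state "$status")"
}

# Constructed sample status lines, then the machine this script runs on.
for sample in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "Vulnerable; SMT vulnerable"
do
    echo "$sample => $(classify_mds_status "$sample") $(smt_state "$sample")"
done
echo "this machine => $(check_mds)"
```

A `needs-microcode` verdict means the kernel update has landed but the firmware has not yet delivered the new microcode, which is the case the coreboot update addresses.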