Kyle Rankin

Chief Security Officer
PGP ID: 0xB9EF770D6EFE360F
Fingerprint: 0DFE 2A03 7FEF B6BF C56F 73C5 B9EF 770D 6EFE 360F

Last week Intel announced a new group of speculative execution vulnerabilities in its processors, related to the well-known Spectre and Meltdown vulnerabilities from over a year ago. Intel has labeled these new attacks the MDS (Microarchitectural Data Sampling) vulnerabilities, but in the age of branded vulnerabilities they have also been given more exciting names like Zombieload. An attacker who successfully exploits these vulnerabilities has the potential to extract sensitive information, including encryption keys, from the target machine.

Because this is a vulnerability in the Intel CPU hardware itself, like with Spectre and Meltdown, the patch for these vulnerabilities comes in two forms:

  • Linux kernel patch for PureOS users
  • CPU microcode updates for Librem laptop owners

PureOS Users

PureOS users are advised to update their system packages using their normal software update process, which will pull down the latest 4.19.37-3 kernel package.

Librem Laptop Owners

Purism includes CPU microcode updates as part of our coreboot firmware, so laptops shipping out starting this week will already be patched for these vulnerabilities. Existing laptop users will need to update their coreboot firmware to the latest version. Just follow our documentation on using our coreboot update script. Microcode updates have been added to the default coreboot SeaBIOS firmware starting with version 4.9-Purism-1 and to our beta PureBoot firmware starting with version heads-beta-6. In addition to using our update script, you can access the changelog for our pre-built binary firmware images directly at our firmware releases project page.
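
To confirm that both halves of the fix are in place after updating, you can read the MDS status line the patched Linux kernel exposes in sysfs. The script below is an added example, not part of Purism's documentation or update script; the verdict names it prints are labels chosen for this example, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line after updating.
# Verdict names are labels chosen for this example.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# Map one status line to a verdict. Trailing text (the kernel may append
# an SMT note after ";") is ignored by the prefix match.
mds_verdict() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            echo mitigated ;;          # kernel patch and microcode both active
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo needs-microcode ;;    # kernel patched, firmware not updated
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# Read the status file (default: the real sysfs path) and print a verdict.
# On x86, a missing file means the running kernel predates the MDS patch.
report_mds() {
    mds_file=${1:-$MDS_SYSFS}
    if [ ! -r "$mds_file" ]; then
        echo kernel-not-patched
        return 0
    fi
    mds_verdict "$(cat "$mds_file")"
}

# Constructed sample lines, showing each state the check distinguishes.
while IFS= read -r sample; do
    printf '%-16s <- %s\n' "$(mds_verdict "$sample")" "$sample"
done <<'EOF'
Mitigation: Clear CPU buffers; SMT vulnerable
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
Vulnerable
Not affected
EOF

echo "This machine ($(uname -r)): $(report_mds)"
```

A `kernel-not-patched` result points at the PureOS kernel update, while `needs-microcode` on a Librem laptop points at the coreboot firmware update.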
