CVE-2018-3640: Intel(R) Celeron(R) CPU N3160 vulnerable?

cinderbdt · ‎10-02-2021

I am attempting to improve the security posture of a specialty computer system.

According to the Linux tools, the processor in my system is

Intel(R) Celeron(R) CPU  N3160  @ 1.60GHz

which is reported as

cpu family      : 6
model           : 76
stepping        : 4

is this processor actually vulnerable as reported by the software checker "Spectre and Meltdown mitigation detection tool v0.43"? If so, is there an MCU to address it?

I've filed an issue at GitHub against the software checker, but I haven't seen an update so I'm hoping there is someone here who can help. There are further details at the link.

If necessary, I could boot to an alternative OS to try to determine this answer, but I'm not sure if that would be effective.

I've also tried reaching out to the system integrator, but I have not received a response.

I read through this post which linked to information about L1TF side channel attacks, and RSRE a.k.a "GPZ Variant 3a" and I have also read Ubuntu's L1TF page, which does not mention CVE-2018-3640. The Ubuntu Security Notice (USN-3756-1) page does not go forward to reference the version of the "intel microcode" package that I am running, or the Linux kernel version, or the Ubuntu distribution release. I suppose this is not surprising, since it is now 2021 and not 2018.

Thank you for any suggestion.

cinderbdt · ‎10-05-2021

I have reviewed the November 2018 MCU guidance which shows on page 6 that the microcode running on this processor is "green", since it is later than version 410. So I'm trying to determine if the checker is correct that this processor running this microcode is vulnerable to RSRR v3a or if it is incorrect.

Here is how I discovered that the processor has microcode updated to revision 0x411:

user@host:~$ su root -c 'dmesg -t | grep -i microcode'
Password:
microcode: microcode updated early to revision 0x411, date = 2019-04-23
microcode: sig=0x406c4, pf=0x1, revision=0x411
microcode: Microcode Update Driver: v2.2.

page 6 shows 410 is the latest MCU for CPUID 406C4

David_G_Intel · ‎10-07-2021

Hello cinderbdt

Thank you for posting on the Intel️® communities. We are currently working on this request, the updates will be posted on the thread.

Regards,

David G

Intel Customer Support Technician

David_G_Intel · ‎10-14-2021

Hello cinderbdt

The official information about this topic is directly related to SA-00088:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html

You can find the "Affected products" section there, the Celeron N3160 is not listed nor any Braswell processors, so this processor is not affected by the Spectre and Meltdown.

If you are concerned about these alerts, we recommend keeping the BIOS up to date because the microcode is included in that firmware; however, it would be good to check with Linux or the app's developer where those alerts are coming from and see what exactly they mean.

Please keep in mind that this thread will no longer be monitored by Intel. Thank you for your understanding.

Best regards,

David G.

Intel Customer Support Technician