Users are urged to update their systems immediately

Feb 22, 2018 21:57 GMT  ·  By

More than a month since their public discloser the nasty Meltdown and Spectre security vulnerability have now been fixed for various BSD operating systems including FreeBSD and OpenBSD.

FreeBSD announced last month that it was made aware of the Spectre and Meltdown security vulnerabilities discovered by various researchers from Google's Project Zero, Graz University of Technology, Cyberus Technology, and others in late December 2017 to have time to fix them for their BSD-powered operating system.

The project said that they are working with CPU vendors like Intel and AMD to mitigate both Spectre and Meltdown on FreeBSD, but did not give an estimated time of the publication of the patches. One and a half months later, the patches to mitigate Meltdown via PTI (Page Table Isolation) arrived, along with PCID optimization of PTI.

Also, the FreeBSD project released a kernel update that includes the IBRS (Indirect Branch Restricted Speculation) feature to partially mitigate the Spectre vulnerability, which is harder to fix than Meltdown and could hunt us for next few years, according to one of the security researchers involved in its unearthing.

OpenBSD system now patched against Meltdown too

On the other hand, the OpenBSD UNIX-like operating system, which is known for its proactive security and integrated cryptography features, only recently received a patch that apparently mitigates the Meltdown security vulnerability. No Spectre fix was released at the moment of writing, but it could be available soon too.

OpenBSD developer Philip Guenther says in a commit that to fix Meltdown, the team had to implement a user/kernel page table separation feature for Intel CPUs. He explained how their patch works and said that the per-CPU page layout was mostly inspired from the work done by the DragonFlyBSD project.

"On Intel CPUs which speculate past user/supervisor page permission checks, use a separate page table for userspace with only the minimum of kernel code and data required for the transitions to/from the kernel," said Guenther. "On return to userspace the opposite occurs."

If you're using either FreeBSD or OpenBSD, you are urged to update your systems as soon as possible to protect your computers against the Meltdown and Spectre security vulnerability, which put billions of devices at risk of attacks, and remember always to keep your installations up-to-date.