OpenWRT and Metldown patch

Are there any plans how to patch OpenWRT against these attacks?

Kernel 4.14.11+ is patched against this attach. Turris Omnia returns me now this version

uname -romi 4.4.106-1e4a549d177ab3da12b2052fba6a4dd5-3 armv7l unknown n

Kernel 4.4.109 should contain a fix for Meltdown and I’m hoping (and guessing) that will be a part of the next release (which I’m also hoping will be released sooner rather than later).

omnia-nightly has .109 already.

It seems that this vulnerability affects only Intel processors (according to paper). Turris Omnia has ARMv7 processor and Turris 1.x has PowerPC.

There are 2 vulnerabilities

  1. Meltdown CVE-2017-5754
  • Only Intel processors are affected
  • UPDATE: Some ARMs are also affected, but not A9 used in Omnia
  1. Spectre CVE-2017-5753 and CVE-2017-5715
  • Some ARM processors are also affected (including A9 in Omnia)
  • UPDATE: It is probable that PowerPC processors are also affected

It seems that Spectre vulnerability affects Turris Routers. We are investigating more details.

Anyway the potential attacker need to have local access to the system. It means

  • Buggy software
  • Malware installed
  • SSH access
  • Applications, software and ssh access in LXC containers

So if you

  • have Updater enabled
  • have third party software not installed
  • not give SSH access to any user

you should be safe


@RadoslavCap and @HomerSp can you post any references to information about patched kernel versions please?

@RadoslavCap 4.4.11 was released in May 2016. I think that it can not contain patches from December 2017.

@HomerSp I see that version 4.4.109 was released Jan 2nd 2018 so it should include these patches but I can not find them in changelog.

Anyway Meltdown does not affect Turris routers and introduced patches protect only from Meltdown. Spectre is not patched in Linux kernel upstream yet so we can not do much more for it right now. This is a global-wide problem.

1 Like

Indeed, there was some confusion about what exactly these two vulnerabilities meant for us. As you say, the turris won’t be affected by Meltdown since it is limited to x86 Intel processors.
Spectre is/will be a problem on the omnia, yes, but as far as I know there have been no real (proof of concept) exploits yet - it’s all just documented as actually taking advantage of it seems to be difficult. I don’t think there have been any patches released that will fix this latter exploit yet.

Not according to, some arm cores are also affected, like cortex-a75, and a15, a57, a72 to a variant of meltdown.
The A9, which I believe the omnia’s cpu is based on, is reported to be not affected by meltdown though.

1 Like

yes, you are right. I have specified it in my previous reply

Cross-ref: Critical security issues Meltdown and Spectre

@HomerSp FYI: kernel 4.4.110 was released today and it includes the KAISER/KPTI patch which “solve” Meltdown problem.

We plan to ship this kernel version to RC next week but anyway this fix is not related to Omnia anyway (as I wrote above).

1 Like

Just for curiosity, propably stupid question, but… Meltdown software patch should decrease performance… Is this valid also for HW, which is not affected, but using updated upstream?

I’ve read this depends on the particular patch.

It should not. It is an kernel option which is forced only on x86 from Intel.

We will just deploy another kernel patch version as usual.