This page details status for Chrome OS devices regarding the Meltdown and Spectre vulnerabilities, also known as "speculative execution vulnerabilities" described by Google Project Zero. (Previously located at https://www.chromium.org/chrome-os-devices-and-kernel-versions.)

Meltdown

Google has been working on updates that contain the Kernel Page Table Isolation (KPTI) mitigation for Meltdown. ARM Chrome OS devices are not affected by Meltdown. Most Intel devices received KPTI with M63. All Intel devices will have received KPTI with M66. (2018-Feb-07: Updated to confirm all Intel devices will have received KPTI with M66.)

Variant 3 (CVE-2017-5754)

The following subsections indicate the vulnerability status of Chrome OS hardware for Variant 3 (CVE-2017-5754), which is also referred to as Meltdown.

Older Intel devices

These devices with kernel 3.14 will receive the KPTI / KAISER patch against Variant 3 (Meltdown) in Chrome OS 66:

These devices with kernel 3.8 will receive the KPTI / KAISER patch against Variant 3 (Meltdown) in Chrome OS 66:

ARM devices

ARM Chrome OS devices are not affected by Meltdown. This applies to the following devices:

Spectre

The following subsections indicate Chrome OS status with respect to the Spectre vulnerability (also referred to as "Variant 1" and "Variant 2" in the Project Zero blog post). Spectre potentially allows access to data held in other processor execution contexts. The victim execution context (kernel or process) must have certain code patterns in its address space.

Variant 1 (CVE-2017-5753)

The Linux kernel has a feature called eBPF that is used to run untrusted code. The Project Zero blog post describes how this can be abused by attackers to generate vulnerable code patterns in the kernel. However, Chrome OS disables eBPF in its kernels and therefore is not exposed to Spectre Variant 1 via eBPF. Additional Spectre variant 1 mitigations available in the Chrome browser are described here.

Variant 2 (CVE-2017-5715)

The Project Zero blog post describes how virtualization can be used to exploit Spectre Variant 2. Chrome OS devices don’t currently use virtualization features, but we’re proactively protecting against this attack. (2018-Feb-22: Updated to describe plans for ARM devices.)

Intel devices

On Intel devices we’ve deployed the Retpoline compiler-based mitigation for Chrome OS kernels, starting with Chrome OS 65. This mitigation prevents kernel-to-user, guest-to-guest, and host-to-guest information leaks using Spectre Variant 2.

ARM devices

On ARM devices we’ve started integrating firmware and kernel patches supplied by ARM. Development is still ongoing so release timelines have not been finalized. ARM devices will receive updated firmware and kernels before they enable virtualization features.
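
A way to check the mitigations described above on a running Linux kernel, as an added example that is not part of the original page or of Chrome OS itself: it classifies the kernel's own status report for Variant 3, Variant 1 and Variant 2. It assumes the kernel exposes the upstream Linux sysfs directory /sys/devices/system/cpu/vulnerabilities, which the page does not mention; the function names are hypothetical, and a kernel without that directory is reported as unknown.

```shell
#!/bin/sh
# Added example: classify the kernel's self-reported status for the three
# variants on this page. Assumption: the running kernel exposes the upstream
# sysfs directory below; entries that are missing are reported as "unknown".
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status TEXT -> not_affected | mitigated | vulnerable | unknown
# Upstream kernels start each status line with one of these three prefixes.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_variant FILE [DIR] -> classification for one sysfs entry
check_variant() {
    dir="${2:-$VULN_DIR}"
    if [ -r "$dir/$1" ]; then
        classify_status "$(cat "$dir/$1")"
    else
        echo unknown
    fi
}

# report [DIR] -> one line per variant; returns 1 unless every variant is
# either mitigated or not affected (unknown counts as a failure).
report() {
    dir="${1:-$VULN_DIR}"
    rc=0
    for entry in "meltdown:Variant 3 (CVE-2017-5754)" \
                 "spectre_v1:Variant 1 (CVE-2017-5753)" \
                 "spectre_v2:Variant 2 (CVE-2017-5715)"; do
        file="${entry%%:*}"      # sysfs file name
        label="${entry#*:}"      # variant name as used on this page
        state="$(check_variant "$file" "$dir")"
        printf '%-26s %s\n' "$label" "$state"
        case "$state" in
            mitigated|not_affected) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run against the live system only when asked: sh check.sh --report
if [ "${1:-}" = "--report" ]; then report; exit $?; fi
```

The exit status of `report` makes the check usable in fleet compliance scripts: anything other than mitigated or not affected, including a missing sysfs entry, fails the check.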