At the end of last year, various cyber security researchers raised the alarm about two dangerous hardware vulnerabilities named Spectre and Meltdown. Developers of free operating systems based on the Berkeley Software Distribution (BSD) series of Unix variants have been aware of the issue as well, and this month two of the most popular BSD-powered projects – FreeBSD and OpenBSD – announced that they had used the last couple of months to develop fixes for the critical vulnerabilities.
FreeBSD said at the end of last month that it had been working intensively with CPU manufacturers such as AMD and Intel to find solutions for the Spectre and Meltdown vulnerabilities. A fixed version of the FreeBSD operating system is now available; it mitigates the Meltdown vulnerability via Page Table Isolation (PTI), together with PCID optimization of PTI. Things are more complicated for the Spectre bug, which is harder to fix, yet the latest FreeBSD version contains a kernel update that includes the IBRS (Indirect Branch Restricted Speculation) feature, thus partially mitigating the Spectre vulnerability as well. However, according to experts, this second vulnerability could occupy cybersecurity researchers for years, as it requires more profound investigation.
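One way to confirm that a FreeBSD host actually runs with the PTI, PCID and IBRS mitigations described above is to read the kernel's sysctl state. The script below is an added example, not code from the FreeBSD project or from this article; the OID names come from FreeBSD's amd64 sysctl tree rather than from the article, and the sample outputs and state labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify FreeBSD Meltdown/Spectre mitigation state.
# On a live amd64 host the input text would come from:
#   sysctl vm.pmap.pti vm.pmap.pcid_enabled hw.ibrs_disable hw.ibrs_active

# Print the value of OID $2 found in sysctl output text $1 (empty if absent).
sysctl_value() {
    printf '%s\n' "$1" | awk -F': *' -v oid="$2" '$1 == oid { print $2; exit }'
}

# Print one summary line: "meltdown=<state> pcid=<state> ibrs=<state>".
mitigation_report() {
    pti=$(sysctl_value "$1" vm.pmap.pti)
    pcid=$(sysctl_value "$1" vm.pmap.pcid_enabled)
    ibrs_disable=$(sysctl_value "$1" hw.ibrs_disable)
    ibrs_active=$(sysctl_value "$1" hw.ibrs_active)

    case "$pti" in
        1) meltdown=pti-on ;;
        0) meltdown=pti-off ;;      # expected on AMD CPUs, which Meltdown does not affect
        *) meltdown=oid-missing ;;  # kernel does not expose PTI at all
    esac

    case "$pcid" in
        1) pcid_state=on ;;
        *) pcid_state=off ;;        # PTI still works, at a higher TLB-flush cost
    esac

    if [ -z "$ibrs_active" ]; then
        ibrs=oid-missing            # kernel does not know about IBRS
    elif [ "$ibrs_active" = 1 ]; then
        ibrs=active
    elif [ "$ibrs_disable" = 1 ]; then
        ibrs=disabled-by-sysctl     # hw.ibrs_disable=1 turns IBRS off
    else
        ibrs=no-cpu-support         # requested, but CPU/microcode lacks IBRS
    fi

    echo "meltdown=$meltdown pcid=$pcid_state ibrs=$ibrs"
}

# Constructed sample outputs (not captured from a real machine).
PATCHED='vm.pmap.pti: 1
vm.pmap.pcid_enabled: 1
hw.ibrs_disable: 0
hw.ibrs_active: 1'
OLD_MICROCODE='vm.pmap.pti: 1
vm.pmap.pcid_enabled: 0
hw.ibrs_disable: 0
hw.ibrs_active: 0'

mitigation_report "$PATCHED"
mitigation_report "$OLD_MICROCODE"
```

An `ibrs=no-cpu-support` result on an otherwise patched kernel points to missing CPU microcode rather than a missing operating system update.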
For OpenBSD, which is also based on a Unix variant and is known for its integrated cryptography features, no Spectre fix is available at this time, although one could be on its way. OpenBSD developer Philip Guenther said, however, that his team has managed to provide mitigation for the Meltdown security bug by implementing a user/kernel page table separation feature for Intel processors. In a detailed statement, Guenther explained exactly how the patch works and said that the solution was most likely inspired by some work done by the DragonFlyBSD Project.
All users of FreeBSD and OpenBSD should bring their systems up to date as soon as possible in order to protect them from attacks that exploit the Meltdown and Spectre vulnerabilities.