Spectre and Meltdown on Core 2 Duo CPU

I have two Core 2 Duo machines, one running pf-sense E6550 cpu Lenovo business machine , and the other running Manjaro Linux E8400 cpu HP business machine .
I have done a few searches and can not find if they are affected by Spectre or meltdown.

Are these machines affected my these problems?

Thanks
Have a day

According to the papers the probably are.

just to be clear, probably affected or probably safe.

Probably affected. Maybe they are resistant to Meltdown (doubt it), but Spectre should work.

Will they need just software patch , or both software and bios

I think OS and browser patches did an important part to begin with. Remember, the malicious code needs to run on your machine - but since JavaScript is enough to exploit it your OS and browser should prevent such an activity. (NoScript is also an additional help).

But the ramifications of Spectre are still unknown, and both vulnerabilities can’t be entirely closed without a microcode update or even new hardware.

That being said, I think MS’ update did an important part.

Thanks this is the info I was looking for
The pfsense box should be safe. no java scripts run on it, from what I know.
The manjaro machine has no java script and the OS and browser are updated
The browser is firefox.
I mean safe as in someone would have to go to extra work to exploited them.
The manjaro machine only opens one web pages, gets the needed data and then closes.

Yeah, as long as no code is executed on the device itself it’s fine.

Thanks for your info and help.

They are definitely affected. I have run tests on Pre-C2D XEONS that are the last of the last of the last of the netburst architecture, the first C2D xeons (5150’s), CD, CS, C2D T and P series from 2000’s to 8000’s, and the desktop chips are the same chips as the laptop chips. Theres no way your chips aren’t affected.

Then they should be on a list some where.
Intel does such a bad job of this.

I am leaning towards the thought that all computers connected to the internet are all in some way compromised, from hardware to software, all in the name of all mighty dollar.

This is an already hard to use exploit because you need physical access to a machine. If people were really worried about this everyone would be on baytrail atoms and atom N270’s with SPARC based desktops.

Don’t worry about it.

1 Like

You don’t need physical access, you need to be able to run code on it. There’s a difference. (Ads run code on your machine)

1 Like

So far there hasn’t been any PoC that has shown it can be run through ads though, has there?

I still wouldn’t really be worried about it.

Is the pfsense box safe from someone running a spectre or meltdown attach as of todays info.

The other machine run linux and just opens one web page that has ad block and no java script running, with todays info will it be safe to use.

I think in the Spectre paper itself the developers used JavaScript and C samples. Given the fact that ads run JavaScript it is straightforward to assume that Spectre can be exploited by ads.

@RissViss This depends on whether or not code can be run on this machine. Unfortunately, I don’t have pfSense running, but I assume that traffic is analysed for certain patterns and then passed along. Which means that even though the malicious JavaScript code might be looked at, pfSense won’t run said code. Therefore, I assume your pfSense box should be “safe”.

Well then the easy way to avoid that is don’t buy stuff online and buy local.

They absolutely are.

And being Core 2 Duo’s they’re even more broken than most other CPU’s due to numerous other CPU bugs.

TLDR: If you’re only running your own trusted code (as opposed to web browser or shared host) on them then spectre and meltdown are the least of your worries.

1 Like

If they are the lease of my worries, what should I be worried about when using a core 2 duo.

Always willing to learn something new.

1 Like

Honestly it’s not something most people should or have to worry about.

It requires very specialized exploits to target something based on this and I just dont see that happening.
System stability and old age are your main concern right now with those old machines.

As for the Core 2 Errata list, see page 40 in this:
http://download.intel.com/design/mobile/SPECUPDT/31407918.pdf

Some of these bugs have been worked around. Many are still unpatched, but they’re just too low yield to bother with exploiting en mass. You would have to make yourself a target to worry about this and then I’d be more worried about the $5 hammer attack.

An article from the time when Linux was being adapted for Core 2.

Regarding the subtitle question:
As we well know, it was the former.

TLDR:
Core 2 is broke and nobody will fix it. It’s also not helpful to worry about.
Your CPU’s will die before the CPU bugs they have get exploited.
Web JS & phishing borne exploits are a more valid concern.