4

All the updates on available linux systems have already been made.

But I also have an IBM i (AS400) server, I have not heard in the news. But obviously it is more lucrative for news channels to inform about intel, amd or ARM. Since POWER processors are not that famous.

Is there a report confirming whether or not the processors are vulnerable?

jasilva
  • 143
  • 5
  • 2
    This is now also covered by the canonical question [Meltdown and Spectre Vulnerabilities](https://security.stackexchange.com/questions/176803/meltdown-and-spectre-vulnerabilities), i.e. it is mentioned that PowerPC is affected and the relevant documentation from IBM is linked. – Steffen Ullrich Jan 05 '18 at 14:52

3 Answers3

4

Given that the PowerPC architecture does speculative execution and branch prediction too and has also multi-level caches I would expect that it is vulnerable to Spectre or similar timing based side channel attacks. As for the Meltdown attack I don't know since this attack needs some additional "optimizations" in the processor design and therefore fewer architectures are affected.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
4

I contacted IBM support and was advised to monitor the following links about the issue:

https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/

As of now it looks like the patches for IBM i and AIX will be available in Feb, and firmware patches on Jan 9th.

k3it
  • 156
  • 1
0

I have not seen any official news about IBMi being effected by this. Knowing what I know about the IBM i (AS400) operating systems designed, I highly doubt these vulnerabilities pose any real risk. A hacker would have to gain access and this vulnerability does not let them do that.