Results 1 to 5 of 5

Thread: Hardware vulnerabilities and the Kernel

  1. #1
    Join Date
    May 2024
    Beans
    6

    Hardware vulnerabilities and the Kernel

    Hi Guys,

    A simple question but maybe not easy to answer. I could not find it.

    I have some old computers. Hardware updates are not supported anymore.
    I was thinking, are hardware vulnerabilities fixed by the Kernel? The Kernel does support drivers and hardware right? Or am I wrong?

    And if I am wrong? How to fix hardware vulnerabilities on Linux/Ubuntu? The way I see it is that Fwupd does not nearly gives the same hardware updates that Windows does.

    Thanks for your help!

    Greetz,

    Bas

  2. #2
    Join Date
    May 2024
    Beans
    Hidden!

    Re: Hardware vulnerabilities and the Kernel

    The kernel is updated with the operating system. As long as you're on a supported release of Linux, your kernel is likely patched and secure. There are additional parameters and tools to audit and harden kernels, such as https://github.com/a13xp0p0v/kernel-hardening-checker - use them at your own risk, however.

    Fwupd manages the firmware of your devices and depends on the manufacturer of them to publish updates.

    Finally there are CPU vulnerabilities (such as meltdown and spectre), some of which can be patched or mitigated in software, but others which are architectural flaws or affect hardware which will never get updates. Here's another tool (again, use at your own risk) to assess some of those vulnerabilities - https://github.com/speed47/spectre-meltdown-checker

    The bottom line is to stay secure online you need a modern operating system with recent hardware and as many vulnerability mitigations enabled as can be tolerated.
    Last edited by currentshaft; 3 Weeks Ago at 03:58 PM. Reason: additional resource

  3. #3
    Join Date
    May 2024
    Beans
    6

    Re: Hardware vulnerabilities and the Kernel

    Thank you for your clear answer.

    A small follow up question.

    How much of a concern are hardware vulnerabilities? Do I have to worry if I only use my computers for the basic stuff. Browsing, some libreoffice things, a bit of Netflix?
    Too me it seems a lot of money to buy a new PC every couple of years because of hardware concerns. And Linux is doing so well on older PC's, it would be a shame.

    Thanks again!

    Henk

  4. #4
    Join Date
    May 2024
    Beans
    Hidden!

    Re: Hardware vulnerabilities and the Kernel

    Quote Originally Posted by henk982 View Post
    Thank you for your clear answer.

    A small follow up question.

    How much of a concern are hardware vulnerabilities? Do I have to worry if I only use my computers for the basic stuff. Browsing, some libreoffice things, a bit of Netflix?
    Too me it seems a lot of money to buy a new PC every couple of years because of hardware concerns. And Linux is doing so well on older PC's, it would be a shame.

    Thanks again!

    Henk
    It depends on your threat model (i.e., what you have to lose) and age of the hardware.

    There are processors, devices and firmware so old that simply visiting a page (not even executing Javascript) can give an attacker full control of your computer.

    However, such an attack requires relative sophistication on behalf of the attacker and the honest reality is most criminals are dumb and looking for a quick payout only. They are more likely to send you a phishing email, which most people will interact with, than to pull off a Mission Impossible style heist with hardware vulnerabilities.

    If you avoid opening emails (and especially attachments) from unknown contacts, don't click on suspicious links, keep your system and software patched, and do all the other security hygeine tasks, that already puts you out of reach of most adversaries. And any remaining adversaries with both the capabilities AND interest in you will find a way to get what they want regardless, so plan accordingly.

    Hope this helps, Henk.

  5. #5
    Join Date
    May 2024
    Beans
    6

    Re: Hardware vulnerabilities and the Kernel

    Thanks again for your reply Currentshaft. This really helps. Thank you!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •