Is the Raspberry Pi Vulnerable to the Spectre or Meltdown exploit?

On January 3rd 2018 a loose group of Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp and Yuval Yarom came together to make

the public aware of, what seems to be, one of the most serious computer security vulnerability to date. These vulnerabilities, named "Spectre" and "Meltdown", allow programs access to any data in any location on the device, even areas which the operating environment specifically would block programs from accessing.

The reason this vulnerability is seen as so serious is because it is at processor level, which makes it hard to patch.

This vulnerability effects all Apple iPhones, iPad, or Macbooks, most Intel processors and by extension some Arm Cortex processors.

As some Arm processors are used in, ALL Raspberry Pi, are the Arm Processors in the Raspberry Pi Vulnerable to the Spectre or Meltdown exploit?

I will save you the Click Bait...

Short answer is NO,

None of the Variants of the Raspberry Pi. (as of 5th January 2018) are vulnerable to Spectre or Meltdown exploit.

According to Arm directly:

https://developer.arm.com/support/security-update

The processor used by the Raspberry Pi are:

Raspberry Pi 1 and Zero (W): ARM11

Raspberry Pi 2 V1: ARM Cortex-A7

Raspberry Pi 2 V1.2 ARM Cortex-A53

Raspberry Pi 3: ARM Cortex-A53

The good news for Raspberry Pi users is that these are NOT on Arm's Definitive list of vulnerable processors:

Vulnerable Processors:

Processor	Variant 1	Variant 2	Variant 3	Variant 3a
Cortex-R7	Yes*	Yes*	No	No
Cortex-R8	Yes*	Yes*	No	No
Cortex-A8	Yes (under review)	Yes	No	No
Cortex-A9	Yes	Yes	No	No
Cortex-A15	Yes (under review)	Yes	No	Yes
Cortex-A17	Yes	Yes	No	No
Cortex-A57	Yes	Yes	No	Yes
Cortex-A72	Yes	Yes	No	Yes
Cortex-A73	Yes	Yes	No	No
Cortex-A75	Yes	Yes	Yes	No

* Note for Cortex-R cores: The common usage model for Cortex-R is in non-open environments where applications or processes are strictly controlled and hence not exploitable.

*Source https://developer.arm.com/support/security-update

I hope this slice of good news helps one of you concerns...... Unlike all Apple iPhones, iPad, or Macbooks, which are all vulnerable.

Please make sure you do not put off security updates!

More info: https://support.apple.com/en-us/HT208394

-e14Phil

Top Comments

mcb1 over 7 years ago

e14phil
I'm surprised at the number of chips that have a vunerability.

The news item I watched suggested Intel chips, and I was thankful I tended to use AMD processors.
However it appears that isn't the whole story.
Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM.

SO it looks like some digging is required for some patches.

Thanks for sharing this

Mark

From the ARM link Phil provided :-
https://developer.arm.com/support/security-update/download-the-whitepaper
https://googleprojectzero.blogspot.co.nz/
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pdf
- Cancel
- Vote Up +2 Vote Down
- Sign in to reply
- More
- Cancel
mcb1 over 7 years ago in reply to shabaz

shabaz
Maybe harder for Apple who have very few models of phones released each year.

Naah they'll be fine since it's older hardware Apple's apple will make it run slower, so the exploit will be slowed right down

It just shows that despite updating the OS, it all comes down to stuff inside a chip that provides the venerability.

Mark
- Cancel
- Vote Up +1 Vote Down
- Sign in to reply
- More
- Cancel
beacon_dave over 7 years ago

There is some related reading material published here on the Raspberry Pi blog which may be of some interest:
https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
- Cancel
- Vote Up +3 Vote Down
- Sign in to reply
- More
- Cancel
shabaz over 7 years ago

Hi Phil,

Thanks for this table - nice summary!! I suspect some manufacturers will now diversify and start using different architectures across their ranges, just to reduce risk exposure for future vulnerabilities/bugs/flaws.
Maybe harder for Apple who have very few models of phones released each year.
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel