Apologies for this newbie question. We have inherited an IBM p5 520 (9111-520) running AIX 6.1.0.0 which seems to be the base install and no further patches installed.
Is this vulnerable to the Spectre/Meltdown threat?
Are patches available?
Looks like AIX 6.1.0.0 went 'end of support' in April last year so are there even patches available for this new threat and can I get them for free or does the system need subscribing to IBM at a cost?
All IBM POWER CPUs, except POWER6, are out-of-order execution CPUs and afaiu may be vulnerable to the attacks. IBM speaks only about patches for POWER7+, POWER8 and POWER9, which should be available today. Patches for AIX 7.1/7.2 will be available in February (if you don't work for DoD).
With a version that old you perhaps have bigger security issues than Spectre/Meltdown attacks. 6.1 went out of support, as you stated, last April, but what went out of support were already patched with several TLs (technical levels) and SPs (service packs). Your system is about 6-7 years old, software-wise. AIX software doesn't have the turnover rate of Linux, were yesterdays patches are considered outdated by noon today, but even for AIX this is very very old.
Regarding the licensing and entitlement for updates: usually you buy a system with a support contract. The support contract entitles you to the free download of AIX versions/fixes/patches as they come out.You need to have a look about which licenses were bought for the system.
I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.
I hope this helps.
bakunin
Non Intel-x86 processors are quite safe.
No panic.
"old = unsafe" is a myth of the computer industry (guess why).
While "cheap and old = unsafe" is sometimes true (Linux, Windows).
I would not even upgrade AIX, just install the latest patches for the current AIX.
AIX 7.2 will only install on Power7 and newer.
Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
AIX patches, also for AIX 6.1 TL9
http://aix.software.ibm.com/aix/efixes/security/spectre\_meltdown_advisory.asc
While I am not an expert in this area - I do recall POWER6 does not do branch prediction. It is blazes ahead - and if the instruction path is wrong - then the pre-fetch is just thrown away.
The idea was that the tremendous jump in clock-speed was enough that the 'occasional' missed prediction was worth it. In other words - processor heat was from raw speed, rather than from parallel calculations computing branch prediction.
Again, not an expert - whether these vulnerabilities stem from any pre-fetch, or only from "predicted branch pre-fetch" - I don't know.
Yes, it's out there - and I am actually a bit more curious to hear about the 'monitors' or signature-scanners that get built to spot anything attempting to exploit it.
btw POWER6 is vulnerable too. There is an exploit...
happened across this, I was waiting on tingling tenterhooks for what IBM would do for p5 and p6. Nothing: Potential Impact on Processors in the POWER Family - IBM PSIRT Blog
No firmware updates for you !