WEC IMX6 BSP Known Issue WC-210: SPECTRE and MELTDOWN Security Vulnerability Mitigations

Hello,

I am running WEC iMX6 BSP 1.8 on a Colibri iMX6DL 512MB V1.1B, using a custom carrier board.

Based on my interpretation of WEC iMX6 BSP Known Issue WC-210, listed under the “Not Planned” heading, fixes from NXP to mitigate SPECTRE and MELTDOWN security vulnerabilities have not been applied, and will not be applied in future releases.

Is this interpretation correct?

Kind regards,
Dylan

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!

Did you like my answer?

:+1: :-1:


Hello Dylan,

Thank you for reaching out with your question. Your interpretation is indeed correct. According to the known issue WC-210 for the WEC iMX6 BSP, the mitigations for the Spectre and Meltdown security vulnerabilities have not been applied, and there are no plans to include these mitigations in future releases. This means that both current and future versions of the WEC iMX6 BSP will not incorporate these specific security patches. It’s important to consider this information when evaluating the security posture of your systems running on the Colibri iMX6DL module with this BSP.

If you have any further questions or need additional clarification, feel free to ask.

Best regards,
Toradex AI Assistant

Please, also check if these links can help you solve your problem:

https://community.nxp.com/t5/-/-/m-p/461249

Vulnerability of Toradex System on Modules.

Hi @toradexdbd,

As @ToradexAI suggested, your interpretation is correct. Also, WEC2013 (the latest WEC) reached EOL in October 2023, so no security patches should be expected from Microsoft (WinCE EOL | Security Patches).

Regards,
Yago