
Thread: Meltdown and Spectre Discussion Sticky

  1. #121
    Join Date
    Dec 2017
    Beans
    607

    Re: Meltdown and Spectre Discussion Sticky

    I did a thread search and got nothing, so I ask...

    Would running a virtual machine (virtualbox) offer any protection to the host? Or sharing the same processor will do nothing useful.

  2. #122
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Meltdown and Spectre Discussion Sticky

    One of the vulnerabilities in this mess is that Spectre crosses the VM boundary. So there is not, as yet, fully dependable protection.
    Please read The Forum Rules and The Forum Posting Guidelines
    My Blog
    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  3. #123
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by cruzer001 View Post
    …Would running a virtual machine (virtualbox) offer any protection to the host? Or sharing the same processor will do nothing useful.
    One of the biggest problems with both of these side channel attacks is that they can theoretically bypass VM protection and peer into adjacent VMs (even the kernel, which is really serious). Therefore, guest OSes must be patched in addition to that of the host.

    However, keep in mind that these vulnerabilities are still theoretical (for now). Meltdown has already been mitigated. Spectre is much harder, both to patch but also to exploit. In the meantime, best advice is to stay informed and vigilant, but not to panic either—which does just as much harm—especially taking action that compromises a functional working system. It's admittedly a tough balancing act.

    Edit: Ninja'd by QIII (the rascal).

  4. #124
    Join Date
    Dec 2017
    Beans
    607

    Re: Meltdown and Spectre Discussion Sticky

    I had not considered VM side channel attacks. ouch

    Thanks guys

  5. #125
    Join Date
    Feb 2010
    Location
    Summerwind
    Beans
    12,889
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Post kernel and microcode updates.
    Model name: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz.

    Code:
    Spectre and Meltdown mitigation detection tool v0.27
    
    
    Checking for vulnerabilities against live running kernel Linux 4.13.0-25-generic #29-Ubuntu SMP Mon Jan 8 21:14:41 UTC 2018 x86_64
    
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  NO 
    > STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
    
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO 
    *   Kernel support for IBRS:  NO 
    *   IBRS enabled for Kernel space:  NO 
    *   IBRS enabled for User space:  NO 
    * Mitigation 2
    *   Kernel compiled with retpoline option:  NO 
    *   Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    
    A false sense of security is worse than no security at all, see --disclaimer
    “Start where you are. Use what you have. Do what you can.”

    Ubuntu Documentation Search: Popular Pages
    Ubuntu: Security Basics
    Ubuntu: Manual

  6. #126
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by Frogs Hair View Post
    Post kernel and microcode updates…
    Hi Frogs Hair. When did you receive your microcode update? I have the driver installed, but don't remember receiving an update. Did you install manually? Also, I'm not sure that a microcode update alone will mitigate Spectre. I believe that both microcode and patch are required to do any good.

    Edit:

    Never mind. Just got it now with today's update.
    Last edited by DuckHook; January 12th, 2018 at 09:13 PM. Reason: Postscript

  7. #127
    Join Date
    Feb 2010
    Location
    Summerwind
    Beans
    12,889
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by DuckHook View Post
    Hi Frogs Hair. When did you receive your microcode update? I have the driver installed, but don't remember receiving an update. Did you install manually? Also, I'm not sure that a microcode update alone will mitigate Spectre. I believe that both microcode and patch are required to do any good.
    It was manually installed since installation and it was updated on 1-11-18


    Code:
    Commit Log for Thu Jan 11 15:28:01 2018

    Upgraded the following packages:
    intel-microcode (3.20170707.1) to 3.20180108.0~ubuntu17.10.1
    Last edited by Frogs Hair; January 12th, 2018 at 09:15 PM.

  8. #128
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by Frogs Hair View Post
    It was installed since installation and it was updated on 1-11-18
    Thanks. Just got it right now.

  9. #129
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    Just rebooted and ran spectre-meltdown-checker.sh

    Rats. I have a Sandy-bridge, so microcode can't be applied in my case. Will have to rely entirely on future kernel patches, unless Intel releases better microcode.

  10. #130
    Join Date
    Feb 2010
    Location
    Summerwind
    Beans
    12,889
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Enabled proposed updates on 17.10 and eliminated one more vulnerability. I don't recommend this unless you want to deal with potential problems caused by proposed packages.

    Before Proposed Updates:
    Code:
    Checking for vulnerabilities against live running kernel Linux 4.13.0-25-generic #29-Ubuntu SMP Mon Jan 8 21:14:41 UTC 2018 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  NO 
    > STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
    After Proposed:
    Code:
    Spectre and Meltdown mitigation detection tool v0.28
    
    
    Checking for vulnerabilities against running kernel Linux 4.13.0-29-generic #32-Ubuntu SMP Fri Jan 12 12:02:18 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
    
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  YES 
    > STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
    Last edited by Frogs Hair; January 13th, 2018 at 06:30 PM.
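The before/after comparison in post #130 can be scripted. The following is an added example, not code from any poster or from spectre-meltdown-checker itself; the function names `parse_status`, `changed_status`, `sample_before` and `sample_after` are hypothetical, and the sample reports are trimmed from the output posted in this thread. A CVE that is missing from one report, as in the partial "after" excerpt, is listed as "not reported".

```shell
# Added example (not part of spectre-meltdown-checker): diff two saved reports.
# parse_status: read a report on stdin, print "CVE<TAB>STATUS" per CVE section.
parse_status() {
  awk '
    /^[ \t]*CVE-[0-9]+-[0-9]+/ { cve = $1 }
    /^[ \t]*> STATUS:/ && cve != "" {
      s = $0
      sub(/^[ \t]*> STATUS:[ \t]*/, "", s)  # drop the label
      sub(/[ \t]*\(.*$/, "", s)             # drop the parenthesised reason
      sub(/[ \t]+$/, "", s)
      print cve "\t" s; cve = ""
    }'
}

# changed_status BEFORE AFTER: print "CVE: old -> new" where the status differs;
# a CVE absent from one report is shown as "not reported".
changed_status() {
  { parse_status < "$1" | awk '{ print "before\t" $0 }'
    parse_status < "$2" | awk '{ print "after\t" $0 }'; } |
  awk -F '\t' '
    { seen[$2] = 1 }
    $1 == "before" { was[$2] = $3 }
    $1 == "after"  { now[$2] = $3 }
    END {
      for (c in seen) {
        b = (c in was) ? was[c] : "not reported"
        a = (c in now) ? now[c] : "not reported"
        if (a != b) print c ": " b " -> " a
      }
    }' | sort
}

# Sample reports, trimmed from the checker output posted in this thread.
sample_before() { cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
EOF
}
sample_after() { cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
> STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
EOF
}
d=$(mktemp -d); sample_before > "$d/before"; sample_after > "$d/after"
changed_status "$d/before" "$d/after"; rm -rf "$d"
```

A status change only reflects the checker's own tests (for Variant 1 here, an LFENCE opcode count the tool itself calls a heuristic), so confirm the running kernel and microcode package versions alongside it.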
