
Thread: Meltdown and Spectre Discussion Sticky

  1. #151
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    11,321
    Distro
    Ubuntu

    Re: Meltdown and Spectre Discussion Sticky

    Quote: Originally posted by espectro2
    DuckHook, one last question: to check whether the vulnerability is affecting the machine, which of these two tools gives the most successful result?

    thanks for listening

    > https://github.com/speed47/spectre-meltdown-checker

    > Intel–SA–00086 Detection Tool
    https://security-center.intel.com/ad...elid=INTEL-SA-00086&languageid=en-fr
    They're different detection tools for different problems.

    The GitHub script is for detecting your system's Meltdown/Spectre situation
    (whether or not you have been patched, and also what has been patched).
    So that deals directly with the purpose of this thread.

    The INTEL-SA-00086 tool is for detecting what Intel Management Engine version you have.
    That's unrelated to this thread.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  2. #152
    Join Date
    Jan 2018
    Beans
    51

    Re: Meltdown and Spectre Discussion Sticky

    DuckHook, my apologies, I understood everything wrong; even though you clarified it, I thought it was related.
    Thanks for listening.

  3. #153
    Join Date
    Aug 2006
    Location
    gypsy encampment
    Beans
    602
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    I found this command to check for patch installation:

    Code:
    grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched :)" || echo "unpatched :("
    Unfortunately for me, 32-bit machines haven't been patched yet. Output of command attached.
    Reminder: If you start a thread asking for help with a problem, please remember to use the Thread Tools to mark the issue as "SOLVED" once you have a solution. This will help other people with the same problem when they search for answers.
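
Added example, not part of the original post or of any tool mentioned in this thread: the one-liner in #153 tests only whether PTI was compiled into the kernel, so this sketch also looks at the runtime state. The function name `pti_status` and its result strings are made up for illustration; it assumes the kernel's `/sys/devices/system/cpu/vulnerabilities/meltdown` file where available and otherwise falls back to the config file plus the `nopti` / `pti=off` boot parameters.

```shell
#!/bin/sh
# Added example: report whether Meltdown's PTI mitigation is active at runtime,
# not just compiled in. Paths are parameters so it can run on constructed files.
# Usage: pti_status [config-file] [cmdline-file] [sysfs-meltdown-file]
pti_status() {
    config=${1:-/boot/config-$(uname -r)}
    cmdline=${2:-/proc/cmdline}
    sysfs=${3:-/sys/devices/system/cpu/vulnerabilities/meltdown}

    # 1. Kernels that export the sysfs file state the runtime verdict directly.
    if [ -r "$sysfs" ]; then
        case $(cat "$sysfs") in
            "Not affected"*) echo "not-affected"; return 0 ;;
            Mitigation:*)    echo "active";       return 0 ;;
            *)               echo "vulnerable";   return 1 ;;
        esac
    fi

    # 2. Fallback: the build-time option checked by the one-liner above.
    if ! grep -qx 'CONFIG_PAGE_TABLE_ISOLATION=y' "$config" 2>/dev/null; then
        echo "not-compiled"; return 1
    fi

    # 3. Compiled in, but 'nopti' or 'pti=off' on the command line turns it off.
    for arg in $(cat "$cmdline" 2>/dev/null); do
        case $arg in
            nopti|pti=off) echo "compiled-but-disabled"; return 1 ;;
        esac
    done
    echo "compiled-in"   # no sysfs file, so runtime state cannot be confirmed
}

# Demo on constructed files (not real system data).
demo=$(mktemp -d)
printf 'CONFIG_PAGE_TABLE_ISOLATION=y\n' > "$demo/config"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti\n' > "$demo/cmdline"
echo "config says patched, runtime says: $(pti_status "$demo/config" "$demo/cmdline" "$demo/absent")"
rm -rf "$demo"
```

Called with no arguments, `pti_status` reads the running system's own files.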

  4. #154
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    341
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    https://wiki.ubuntu.com/SecurityTeam...treAndMeltdown
    2018 Jan 12: Linux kernel version 4.13.0-29.32 for Artful 17.10 with Spectre mitigations is available in artful-proposed for testing. But as of today (Jan 21) it is not yet in the stable channel; does this indicate that there are problems?

  5. #155
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Meltdown and Spectre Discussion Sticky

    Quote: Originally posted by corradoventu
    …does this indicate that there are problems?
    Of course there are problems. That is normal. That's also the point in having a testing process. Newer kernels must be tested and debugged thoroughly. This takes time. The fact that it is in proposed means that it is being worked on.

    BTW, I would not recommend turning on proposed unless you are used to hosing your system and rebuilding it. Testers and developers revel in proposed, but it is not for the timid like me.

  6. #156
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    341
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    I have 2 partitions with Artful, one without proposed and one on which I enabled proposed just to install the new kernel and then disabled it again. Same for Bionic. I was just amazed at this long time.
    Last edited by corradoventu; January 22nd, 2018 at 09:51 AM.

  7. #157
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!

    Re: Meltdown and Spectre Discussion Sticky

    Code:
    $ sudo sh spectre-meltdown-checker.sh 
    [sudo] password for xubuntu: 
    Spectre and Meltdown mitigation detection tool v0.21
    
    Checking for vulnerabilities against live running kernel Linux 4.14.0-16-generic #19-Ubuntu SMP Mon Jan 8 17:50:31 UTC 2018 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  NO  (only 42 opcodes found, should be >= 70)
    > STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO 
    *   Kernel support for IBRS:  NO 
    *   IBRS enabled for Kernel space:  NO 
    *   IBRS enabled for User space:  NO 
    * Mitigation 2
    *   Kernel compiled with retpoline option:  NO 
    *   Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    Can someone please translate the above into English and tell me if I am safe?
    MX Linux 19
    Intel(R) Core(TM) i3-6100 CPU
    Ram 4GB
    Intel HD Graphics 530 (Skylake GT2)

  8. #158
    Join Date
    Jun 2009
    Location
    0:0:0:0:0:0:0:1
    Beans
    5,001
    Distro
    Xubuntu

    Re: Meltdown and Spectre Discussion Sticky

    You patched against Meltdown, but not Spectre.
    Laptop: ASUS A54C-NB91 (Storage: WD3200BEKT + MKNSSDCR60GB-DX); Desktop: Custom Build - Images included; rPi Server
    Putting your Networked Printer's scanner software to shame PHP Scanner Server
    I frequently edit my post when I have the last post

  9. #159
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!

    Re: Meltdown and Spectre Discussion Sticky

    Quote: Originally posted by pqwoerituytrueiwoq
    You patched against Meltdown, but not Spectre.
    How do I patch against Spectre? By installing the microcode firmware?
    MX Linux 19
    Intel(R) Core(TM) i3-6100 CPU
    Ram 4GB
    Intel HD Graphics 530 (Skylake GT2)

  10. #160
    Join Date
    Mar 2006
    Location
    Oxford, OH, USA
    Beans
    1,055
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Meltdown and Spectre Discussion Sticky

    Hello,

    On 16.04.3 LTS, most recent kernel in proposed (4.13.0-31-generic) now boots.

    Code:
    $ inxi -SCGx
    System:    Host: XXXXXXXXX Kernel: 4.13.0-31-generic x86_64 (64 bit gcc: 5.4.0)
               Desktop: Unity 7.4.5 (Gtk 3.18.9-1ubuntu3.3)
               Distro: Ubuntu 16.04 xenial
    CPU:       Dual core Intel Core i7-7500U (-HT-MCP-) cache: 4096 KB
               flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 11616
               clock speeds: max: 3500 MHz 1: 2900 MHz 2: 2900 MHz 3: 2900 MHz
               4: 2900 MHz
    Graphics:  Card: Intel Device 5916 bus-ID: 00:02.0
               Display Server: X.Org 1.19.5 drivers: (unloaded: fbdev,vesa)
               Resolution: 1920x1080@60.02hz, 1920x1080@60.00hz
               GLX Renderer: Mesa DRI Intel HD Graphics 620 (Kaby Lake GT2)
               GLX Version: 3.0 Mesa 17.3.2 - padoka PPA Direct Rendering: Yes


    Code:
    $ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.31
    
    Checking for vulnerabilities against running kernel Linux 4.13.0-31-generic #34~16.04.1-Ubuntu SMP Fri Jan 19 17:11:01 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  YES 
    > STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation
    *     The SPEC_CTRL MSR is available:  NO 
    *     The SPEC_CTRL CPUID feature bit is set:  NO 
    *   Kernel support for IBRS:  YES 
    *   IBRS enabled for Kernel space:  NO 
    *   IBRS enabled for User space:  NO 
    * Mitigation 2
    *   Kernel compiled with retpoline option:  NO 
    *   Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Checking if we're running under Xen PV (64 bits):  NO 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    ________________________________
    System76 Lemur Laptop
    Ubuntu Xenial Xerus LTS 16.04
    Linux Registered User #434330
