Page 18 of 22 FirstFirst ... 81617181920 ... LastLast
Results 171 to 180 of 211

Thread: Meltdown and Spectre Discussion Sticky

  1. #171
    Join Date
    Jan 2018
    Beans
    51

    Re: Meltdown and Spectre Discussion Sticky

    everything ok in my output I should update some more package this output is without administrative previgelios ie without root or sudo gave this result should I test with root or sudo?
    Thanks for listening.

    Code:
    Intel-microcode:
      Instalado: 3.20180108.0+really20170707ubuntu16.04.1
      Candidato: 3.20180108.0+really20170707ubuntu16.04.1
      Tabela de versão:
     *** 3.20180108.0+really20170707ubuntu16.04.1 500
            500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
            500 http://archive.ubuntu.com/ubuntu xenial-security/main amd64 Packages
            100 /var/lib/dpkg/status
         3.20151106.1 500
            500 http://archive.ubuntu.com/ubuntu xenial/restricted amd64 Packages
    Last edited by slickymaster; January 26th, 2018 at 09:49 AM. Reason: code tags

  2. #172
    Join Date
    Mar 2006
    Location
    Oxford, OH, USA
    Beans
    1,055
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Meltdown and Spectre Discussion Sticky

    Yep, couldn't agree more. Should have immediately stopped selling chips through the Xmas season. Apologised, worked to fix.
    ________________________________
    System76 Lemur Laptop
    Ubuntu Xenial Xerus LTS 16.04
    Linux Registered User #434330

  3. #173
    Join Date
    Mar 2006
    Location
    Oxford, OH, USA
    Beans
    1,055
    Distro
    Ubuntu 16.04 Xenial Xerus

    Question Re: Meltdown and Spectre Discussion Sticky

    Hi,

    So, I guess at this point, we need a proper INTEL microcode/firmware update to deal with Spectre Variant 2? Would that be correct?

    Thanks

    Code:
    $ lsb_release -a
    LSB Version:	core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:printing-9.20160110ubuntu0.2-amd64:printing-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
    Distributor ID:	Ubuntu
    Description:	Ubuntu 16.04.3 LTS
    Release:	16.04
    Codename:	xenial

    Code:
    Spectre and Meltdown mitigation detection tool v0.32
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-32-generic #35~16.04.1-Ubuntu SMP Thu Jan 25 10:13:43 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  YES 
    > STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO  (echo 1 > /proc/sys/kernel/ibrs_enabled)
        * IBRS enabled for User space:  NO  (echo 2 > /proc/sys/kernel/ibrs_enabled)
        * IBPB enabled:  NO  (echo 1 > /proc/sys/kernel/ibpb_enabled)
    * Mitigation 2
      * Kernel compiled with retpoline option:  NO 
      * Kernel compiled with a retpoline-aware compiler:  NO 
      * Retpoline enabled:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    ________________________________
    System76 Lemur Laptop
    Ubuntu Xenial Xerus LTS 16.04
    Linux Registered User #434330

  4. #174
    Join Date
    Jan 2018
    Beans
    1

    Re: Meltdown and Spectre Discussion Sticky

    Hi,

    It seems like there won't be 32-bit x86 architecture Meltdown patched kernels:

    No fix is currently available for Meltdown on 32-bit x86; moving to a 64-bit kernel is the currently recommended mitigation.
    https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

    Sigh.

  5. #175
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!

    Re: Meltdown and Spectre Discussion Sticky

    Before installing microcode

    Code:
    $ sudo sh spectre-meltdown-checker.sh 
    [sudo] password for xubuntu: 
    Spectre and Meltdown mitigation detection tool v0.21
    
    Checking for vulnerabilities against live running kernel Linux 4.14.0-16-generic #19-Ubuntu SMP Mon Jan 8 17:50:31 UTC 2018 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  NO  (only 42 opcodes found, should be >= 70)
    > STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO 
    *   Kernel support for IBRS:  NO 
    *   IBRS enabled for Kernel space:  NO 
    *   IBRS enabled for User space:  NO 
    * Mitigation 2
    *   Kernel compiled with retpoline option:  NO 
    *   Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer



    After installing microcode

    Code:
    $ sudo sh spectre-meltdown-checker.sh 
    [sudo] password for xubuntu: 
    Spectre and Meltdown mitigation detection tool v0.21
    
    Checking for vulnerabilities against live running kernel Linux 4.14.0-16-generic #19-Ubuntu SMP Mon Jan 8 17:50:31 UTC 2018 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  NO  (only 42 opcodes found, should be >= 70)
    > STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO 
    *   Kernel support for IBRS:  NO 
    *   IBRS enabled for Kernel space:  NO 
    *   IBRS enabled for User space:  NO 
    * Mitigation 2
    *   Kernel compiled with retpoline option:  NO 
    *   Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    Kindly have a look and tell me if I am patched.
    MX Linux 19
    Intel(R) Core(TM) i3-6100 CPU
    Ram 4GB
    Intel HD Graphics 530 (Skylake GT2)

  6. #176
    Join Date
    Oct 2013
    Beans
    104

    Re: Meltdown and Spectre Discussion Sticky

    AMD Speaks

    Well spoke ... 4 days ago - the white paper:

    http://www.amd.com/en/corporate/spec...IwMzE0ODcwNwS2

  7. #177
    Join Date
    Oct 2009
    Location
    Reykjavík, Ísland
    Beans
    13,687
    Distro
    Xubuntu 19.10 Eoan Ermine

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by ivanagui2 View Post
    Hi,

    It seems like there won't be 32-bit x86 architecture Meltdown patched kernels:

    https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

    Sigh.
    There won't for the time being, like there won't for ARM. It's not the same as 'there will never be a patch'. The developers just have to focus on the most common hardware platform first. Please see the first two pages of the thread.

    If I have the choice between A) unpatched 32 bit hardware with a theoretical risk of a future attack if Spectre and Meltdown should happen to be exploited some day and B) patched 64 bit hardware with their built in so-called management engines and other kinds of backdoors my choice is A. In fact it's one of the reasons why I keep old hardware alive as long as possible.
    Bringing old hardware back to life. About problems due to upgrading.
    Please visit Quick Links -> Unanswered Posts.
    Don't use this space for a list of your hardware. It only creates false hits in the search engines.

  8. #178
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    341
    Distro
    Ubuntu Development Release

    Question Re: Meltdown and Spectre Discussion Sticky

    in https://launchpad.net/~canonical-ker..._filter=artful I see a kernel 4.13.0-33.36~retpoline4
    on my Artful I have the PPA and proposed enabled, but still the old kernel also after apt update+upgrade
    may you explain that? thanks.
    Code:
    corrado@corrado-p6-aa:~$ date
    ven  2 feb 2018, 11.36.46, CET
    corrado@corrado-p6-aa:~$ inxi -CSx
    System:    Host: corrado-p6-aa Kernel: 4.13.0-32-generic x86_64
               bits: 64 gcc: 7.2.0
               Desktop: Gnome 3.26.2 (Gtk 3.22.25-0ubuntu0.1)
               Distro: Ubuntu 17.10
    CPU:       Dual core Intel Core i3-7100 (-HT-MCP-) 
               arch: Skylake rev.9 cache: 3072 KB
               flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 15648
               clock speeds: max: 3900 MHz 1: 3900 MHz 2: 3900 MHz 3: 3900 MHz
               4: 3900 MHz
    corrado@corrado-p6-aa:~$ sudo apt update
    [sudo] password for corrado: 
    Hit:1 http://archive.ubuntu.com/ubuntu artful InRelease
    Hit:2 http://ppa.launchpad.net/canonical-kernel-team/spectre/ubuntu artful InRelease
    Get:3 http://archive.ubuntu.com/ubuntu artful-updates InRelease [78,6 kB]
    Get:4 http://archive.ubuntu.com/ubuntu artful-backports InRelease [72,2 kB]
    Get:5 http://archive.ubuntu.com/ubuntu artful-security InRelease [78,6 kB]
    Get:6 http://archive.ubuntu.com/ubuntu artful-proposed InRelease [235 kB]
    Get:7 http://archive.ubuntu.com/ubuntu artful-updates/main i386 Packages [172 kB]
    Get:8 http://archive.ubuntu.com/ubuntu artful-updates/main amd64 Packages [174 kB]
    Get:9 http://archive.ubuntu.com/ubuntu artful-updates/main amd64 DEP-11 Metadata [73,3 kB]
    Get:10 http://archive.ubuntu.com/ubuntu artful-updates/main DEP-11 64x64 Icons [49,2 kB]
    Get:11 http://archive.ubuntu.com/ubuntu artful-updates/universe i386 Packages [69,3 kB]
    Get:12 http://archive.ubuntu.com/ubuntu artful-updates/universe amd64 Packages [69,8 kB]
    Get:13 http://archive.ubuntu.com/ubuntu artful-updates/universe amd64 DEP-11 Metadata [48,5 kB]
    Get:14 http://archive.ubuntu.com/ubuntu artful-updates/universe DEP-11 64x64 Icons [49,7 kB]
    Get:15 http://archive.ubuntu.com/ubuntu artful-backports/universe i386 Packages [3.396 B]
    Get:16 http://archive.ubuntu.com/ubuntu artful-backports/universe amd64 Packages [3.404 B]
    Get:17 http://archive.ubuntu.com/ubuntu artful-backports/universe amd64 DEP-11 Metadata [4.712 B]
    Get:18 http://archive.ubuntu.com/ubuntu artful-security/main amd64 DEP-11 Metadata [2.924 B]
    Get:19 http://archive.ubuntu.com/ubuntu artful-security/universe amd64 DEP-11 Metadata [10,4 kB]
    Get:20 http://archive.ubuntu.com/ubuntu artful-security/universe DEP-11 64x64 Icons [10,1 kB]
    Get:21 http://archive.ubuntu.com/ubuntu artful-proposed/universe amd64 DEP-11 Metadata [8.556 B]
    Get:22 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 DEP-11 Metadata [6.272 B]
    Fetched 1.219 kB in 1s (834 kB/s)                                         
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    All packages are up to date.
    corrado@corrado-p6-aa:~$

  9. #179
    Join Date
    Jun 2007
    Beans
    17,319

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by corradoventu View Post
    in https://launchpad.net/~canonical-ker..._filter=artful I see a kernel 4.13.0-33.36~retpoline4
    on my Artful I have the PPA and proposed enabled, but still the old kernel also after apt update+upgrade
    may you explain that? thanks.
    Code:
    corrado@corrado-p6-aa:~$ date
    ven  2 feb 2018, 11.36.46, CET
    corrado@corrado-p6-aa:~$ inxi -CSx
    System:    Host: corrado-p6-aa Kernel: 4.13.0-32-generic x86_64
               bits: 64 gcc: 7.2.0
               Desktop: Gnome 3.26.2 (Gtk 3.22.25-0ubuntu0.1)
               Distro: Ubuntu 17.10
    CPU:       Dual core Intel Core i3-7100 (-HT-MCP-) 
               arch: Skylake rev.9 cache: 3072 KB
               flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 15648
               clock speeds: max: 3900 MHz 1: 3900 MHz 2: 3900 MHz 3: 3900 MHz
               4: 3900 MHz
    corrado@corrado-p6-aa:~$ sudo apt update
    [sudo] password for corrado: 
    Hit:1 http://archive.ubuntu.com/ubuntu artful InRelease
    Hit:2 http://ppa.launchpad.net/canonical-kernel-team/spectre/ubuntu artful InRelease
    Get:3 http://archive.ubuntu.com/ubuntu artful-updates InRelease [78,6 kB]
    Get:4 http://archive.ubuntu.com/ubuntu artful-backports InRelease [72,2 kB]
    Get:5 http://archive.ubuntu.com/ubuntu artful-security InRelease [78,6 kB]
    Get:6 http://archive.ubuntu.com/ubuntu artful-proposed InRelease [235 kB]
    Get:7 http://archive.ubuntu.com/ubuntu artful-updates/main i386 Packages [172 kB]
    Get:8 http://archive.ubuntu.com/ubuntu artful-updates/main amd64 Packages [174 kB]
    Get:9 http://archive.ubuntu.com/ubuntu artful-updates/main amd64 DEP-11 Metadata [73,3 kB]
    Get:10 http://archive.ubuntu.com/ubuntu artful-updates/main DEP-11 64x64 Icons [49,2 kB]
    Get:11 http://archive.ubuntu.com/ubuntu artful-updates/universe i386 Packages [69,3 kB]
    Get:12 http://archive.ubuntu.com/ubuntu artful-updates/universe amd64 Packages [69,8 kB]
    Get:13 http://archive.ubuntu.com/ubuntu artful-updates/universe amd64 DEP-11 Metadata [48,5 kB]
    Get:14 http://archive.ubuntu.com/ubuntu artful-updates/universe DEP-11 64x64 Icons [49,7 kB]
    Get:15 http://archive.ubuntu.com/ubuntu artful-backports/universe i386 Packages [3.396 B]
    Get:16 http://archive.ubuntu.com/ubuntu artful-backports/universe amd64 Packages [3.404 B]
    Get:17 http://archive.ubuntu.com/ubuntu artful-backports/universe amd64 DEP-11 Metadata [4.712 B]
    Get:18 http://archive.ubuntu.com/ubuntu artful-security/main amd64 DEP-11 Metadata [2.924 B]
    Get:19 http://archive.ubuntu.com/ubuntu artful-security/universe amd64 DEP-11 Metadata [10,4 kB]
    Get:20 http://archive.ubuntu.com/ubuntu artful-security/universe DEP-11 64x64 Icons [10,1 kB]
    Get:21 http://archive.ubuntu.com/ubuntu artful-proposed/universe amd64 DEP-11 Metadata [8.556 B]
    Get:22 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 DEP-11 Metadata [6.272 B]
    Fetched 1.219 kB in 1s (834 kB/s)                                         
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    All packages are up to date.
    corrado@corrado-p6-aa:~$
    Did the kernel packages install or not (3), if not then they're not an upgrade but stand-alone meaning you need to specifically install them.
    Note that those ppa packages may never get updated or may be determined to not be suitable, ect.

  10. #180
    Join Date
    Jun 2008
    Location
    Byron, CA, USA
    Beans
    514
    Distro
    Ubuntu 16.04 Xenial Xerus

    Question Re: Meltdown and Spectre Discussion Sticky

    Concerning CVE-2017-5715, which Kernel series will have Retpoline backported? As of February 2018 I've Kernel 4.13.0-32-generic but anticipate availability initially for 4.16.0-5-generic as a HWE-Edge backport from 18.04.0-LTS, when Bionic Beaver is released for distribution, to 16.04.5-LTS. (AFaIK, 18.01a2 Bionic has 4.16.0-1 as of 5 February 2018, but this will be upgraded through 18.02b1, 18.03b2 and 18.04rc.)
    Video Drivers:
    nVIDIA® nForce® chipsets require discrete GPU's up to Kepler and the nvidia-current metapackage.
    Most intel® ExpressSets™ and AMD® RS-Series are fully supported in open source.

Page 18 of 22 FirstFirst ... 81617181920 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •