Page 19 of 22 FirstFirst ... 91718192021 ... LastLast
Results 181 to 190 of 211

Thread: Meltdown and Spectre Discussion Sticky

  1. #181
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    341
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    On my Artful with PPA from https://launchpad.net/~canonical-ker..._filter=artful I have now the new kernel 4.13.0-33 with retpoline mitigations
    Code:
    corrado@corrado-p6-aa:~$ sudo ./Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh
    [sudo] password for corrado: 
    Spectre and Meltdown mitigation detection tool v0.34+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-33-generic #36-Ubuntu SMP Tue Feb 6 20:30:50 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 158 stepping 9 ucode 0x5e)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Checking count of LFENCE instructions following a jump in kernel...  NO  (only 5 jump-then-lfence instructions found, should be >= 30 (heuristic))
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  NO 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
      * Retpoline enabled:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    corrado@corrado-p6-aa:~$

  2. #182
    Join Date
    Feb 2010
    Location
    Mystic Springs
    Beans
    14,306
    Distro
    Ubuntu Budgie 20.04 Focal Fossa

    Re: Meltdown and Spectre Discussion Sticky

    Protected after kernel update on 17.10.(proposed enabled)

    Code:
    uname -a
    Linux ubuntu 4.13.0-33-generic #36-Ubuntu SMP Tue Feb 6 20:30:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
    Code:
    Checking for vulnerabilities against running kernel Linux 4.13.0-33-generic #36-Ubuntu SMP Tue Feb 6 20:30:50 UTC 2018 x86_64
    CPU is  Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
    
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    
    A false sense of security is worse than no security at all, see --disclaimer
    “Start where you are. Use what you have. Do what you can".

    Ubuntu Documentation Search: Popular Pages
    Ubuntu: Security Basics
    Ubuntu: Flavors

  3. #183
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!

    Re: Meltdown and Spectre Discussion Sticky

    Xubuntu 18.04 (Proposed enabled)

    Code:
    $ uname -a
    Linux xubuntu 4.15.0-9-generic #10-Ubuntu SMP Thu Feb 8 20:22:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
    Code:
    $ sudo sh spectre-meltdown-checker.sh 
    [sudo] password for xubuntu: 
    Spectre and Meltdown mitigation detection tool v0.21
    
    Checking for vulnerabilities against live running kernel Linux 4.15.0-9-generic #10-Ubuntu SMP Thu Feb 8 20:22:38 UTC 2018 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  YES  (186 opcodes found, which is >= 70)
    > STATUS:  NOT VULNERABLE  (heuristic to be improved when official patches become available)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO 
    *   Kernel support for IBRS:  NO 
    *   IBRS enabled for Kernel space:  NO 
    *   IBRS enabled for User space:  NO 
    * Mitigation 2
    *   Kernel compiled with retpoline option:  YES 
    *   Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    What do you think I should do now ? How do I get rid of this "STATUS: VULNERABLE" ?
    Last edited by linuxyogi; February 10th, 2018 at 10:54 AM.
    MX Linux 19
    Intel(R) Core(TM) i3-6100 CPU
    Ram 4GB
    Intel HD Graphics 530 (Skylake GT2)

  4. #184
    Join Date
    Feb 2010
    Location
    Mystic Springs
    Beans
    14,306
    Distro
    Ubuntu Budgie 20.04 Focal Fossa

    Re: Meltdown and Spectre Discussion Sticky

    What do you think I should do now ? How do I get rid of this "STATUS: VULNERABLE" ?


    Wait , it took 4 updates for my cpu to be covered.
    “Start where you are. Use what you have. Do what you can".

    Ubuntu Documentation Search: Popular Pages
    Ubuntu: Security Basics
    Ubuntu: Flavors

  5. #185
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by Frogs Hair View Post
    Wait , it took 4 updates for my cpu to be covered.
    +1
    Code:
    sudo sh spectre-meltdown-checker.sh 
    Spectre and Meltdown mitigation detection tool v0.32
    
    Checking for vulnerabilities against running kernel Linux 4.15.2-2-ARCH #1 SMP PREEMPT Thu Feb 8 18:54:52 UTC 2018 x86_64
    CPU is  Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    And:
    Code:
    grep . /sys/devices/system/cpu/vulnerabilities/*
    /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
    /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
    /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags

  6. #186
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Meltdown and Spectre Discussion Sticky

    @linuxyogi,

    Patience is a necessary virtue at this time. I am not covered either, nor is practically anyone else:
    Code:
    duckhook@Zeus:~/bin$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.34
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-32-generic #35-Ubuntu SMP Thu Jan 25 09:13:46 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 45 stepping 7 ucode 0x710)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel has array_index_mask_nospec:  NO 
    * Checking count of LFENCE instructions following a jump in kernel:  YES  (65 jump-then-lfence instructions found, which is >= 30 (heuristic))
    > STATUS:  NOT VULNERABLE  (Kernel source has PROBABLY been patched to mitigate the vulnerability (jump-then-lfence instructions heuristic))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  NO 
      * Kernel compiled with a retpoline-aware compiler:  NO 
      * Retpoline enabled:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    In my case, I am running the latest tested kernel for Artful (17.10). You must carefully note that both Frogs Hair and 1fallen are running more dangerous kernels. In Frogs Hair's case, he has proposed turned on. Do not do this unless you are accustomed to living dangerously with possible breakage in other parts of your system. In 1fallen's case, he compiles his own kernels. This yields essentially a customized install that he is on his own to maintain and update. Both of these gentlemen are very skilled Linux experts. You must assess your own level of expertise and decide if the small theoretical exposure posed by Spectre at this time is worth trading for either potential breakage of your system, or continual need to maintain a personally customized system.

  7. #187
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!

    Re: Meltdown and Spectre Discussion Sticky

    Thanks everyone for the replies. I will simply wait and follow this thread.
    MX Linux 19
    Intel(R) Core(TM) i3-6100 CPU
    Ram 4GB
    Intel HD Graphics 530 (Skylake GT2)

  8. #188
    Join Date
    Mar 2006
    Location
    Oxford, OH, USA
    Beans
    1,055
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Meltdown and Spectre Discussion Sticky

    Code:
    $ lsb_release -a
    LSB Version:	core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:printing-9.20160110ubuntu0.2-amd64:printing-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
    Distributor ID:	Ubuntu
    Description:	Ubuntu 16.04.3 LTS
    Release:	16.04
    Codename:	xenial
    Code:
    $ inxi -SCGx
    System:    Host: XXXXX Kernel: 4.13.0-35-generic x86_64 (64 bit gcc: 5.4.0)
               Desktop: Unity 7.4.5 (Gtk 3.18.9-1ubuntu3.3) Distro: Ubuntu 16.04 xenial
    CPU:       Dual core Intel Core i7-7500U (-HT-MCP-) cache: 4096 KB
               flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 11616
               clock speeds: max: 3500 MHz 1: 2900 MHz 2: 2900 MHz 3: 2900 MHz 4: 2900 MHz
    Graphics:  Card: Intel Device 5916 bus-ID: 00:02.0
               Display Server: X.Org 1.19.5 drivers: (unloaded: fbdev,vesa) Resolution: 1920x1080@60.02hz
               GLX Renderer: Mesa DRI Intel HD Graphics 620 (Kaby Lake GT2)
               GLX Version: 3.0 Mesa 18.1.0-devel - padoka PPA Direct Rendering: Yes
    Code:
    Spectre and Meltdown mitigation detection tool v0.34+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-35-generic #39~16.04.1-Ubuntu SMP Mon Feb 12 15:02:37 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 142 stepping 9 ucode 0x62)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Checking count of LFENCE instructions following a jump in kernel:  YES  (70 jump-then-lfence instructions found, which is >= 30 (heuristic))
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
      * Retpoline enabled:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    ________________________________
    System76 Lemur Laptop
    Ubuntu Xenial Xerus LTS 16.04
    Linux Registered User #434330

  9. #189
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    341
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    new intel microcode promoved to production: https://newsroom.intel.com/wp-conten...e-guidance.pdf
    how long do we have to wait? some predictions?

  10. #190
    Join Date
    Dec 2017
    Location
    RockyMts
    Beans
    1,170

    Re: Meltdown and Spectre Discussion Sticky


Page 19 of 22 FirstFirst ... 91718192021 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •