Page 20 of 22 FirstFirst ... 101819202122 LastLast
Results 191 to 200 of 211

Thread: Meltdown and Spectre Discussion Sticky

  1. #191
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    Kernel 4.13.0-36-generic available as a regular update this morning. These are my results:
    Code:
    duckhook@Zeus:~/bin$ sudo ./spectre-meltdown-checker.sh
    [sudo] password for duckhook: 
    Spectre and Meltdown mitigation detection tool v0.35
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-36-generic #40-Ubuntu SMP Fri Feb 16 20:07:48 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 45 stepping 7 ucode 0x710)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Kernel has the Red Hat/Ubuntu patch:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    So… am now waiting for Intel to get around to releasing microcode for my CPU. Many of you may already have new microcode, so your results may look even better.

  2. #192
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by DuckHook View Post
    Kernel 4.13.0-36-generic available as a regular update this morning. These are my results:
    Code:
    duckhook@Zeus:~/bin$ sudo ./spectre-meltdown-checker.sh
    [sudo] password for duckhook: 
    Spectre and Meltdown mitigation detection tool v0.35
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-36-generic #40-Ubuntu SMP Fri Feb 16 20:07:48 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 45 stepping 7 ucode 0x710)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Kernel has the Red Hat/Ubuntu patch:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    So… am now waiting for Intel to get around to releasing microcode for my CPU. Many of you may already have new microcode, so your results may look even better.
    I'm pretty sure we are all in the same state as you are. I have not seen anyone(AMD, Intel, Arm) yet pass these:
    Code:
     CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES
    Even with the new microcode, and Bios Patch's.
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags

  3. #193
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    Hi 1fallen,

    I believe that the section of the report you are pointing to refers only to the CPU's native unmitigated vulnerabilities. The new kernel actually mitigates some of these. The operative lines are:
    Code:
    …
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    …
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    …
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    …
    At this point, the section still exposed is Mitigation 1 of Spectre Variant 2:
    Code:
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO
    If I understand things properly, IBRS can only be enabled by a microcode update. The latest kernel is ready to do its part once IBRS is enabled, but that is now up to Intel.

    I suppose that there's nothing more that I can really do at this point but go have a beer. It will arrive when it arrives.

  4. #194
    Join Date
    Apr 2007
    Location
    Out in Left Field
    Beans
    1,165
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Meltdown and Spectre Discussion Sticky

    Last Kernel update on my Mint 18.3 PC seemed to have mitigated all 3 vulnerabilities (Kernel 4.13.0-36 Generic)

    Code:
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    MB: Asrock Extreme4-M CPU: Intel(R) Core(TM) i7-3770K CPU @3.50GHz Memory: Corsair Low Profile Vengeance 16.00 GB. GC On CPU HD4000 Platform: x86_64 Distribution: Dual Boot -Ubuntu 1804 Bionic Beaver with Cinnamon DE and Linux Mint 18 Sarah Cinnamon

  5. #195
    Join Date
    Jun 2008
    Location
    Byron, CA, USA
    Beans
    506
    Distro
    Ubuntu 16.04 Xenial Xerus

    Post Re: Meltdown and Spectre Discussion Sticky

    I have results for the just-released Image 4.13.0-37-generic (as of 8 March 2018) on the Hot Rod gPC™ and its AMD Athlon64® 3500+:

    Code:
    Spectre and Meltdown mitigation detection tool v0.35
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-37-generic #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28 UTC 2018 x86_64
    CPU is AMD Athlon(tm) 64 Processor 3500+
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO 
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  NO 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Kernel has the Red Hat/Ubuntu patch:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that your CPU is unaffected)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  NO 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    A false sense of security is worse than no security at all, see --disclaimer
    Be advised that the original has color-formatting Escape codes.
    Gigabyte® GA-MA78GM-S2HP (AMD® Athlon 64® 3500+ CPU, RS780G NB, SB710 SB)
    Audio: ASUS® XONARESSENCESTX/A (PCIe, C-Media® CMI-8788 via PCIe-PCI bridge)

  6. #196
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    257
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    New intel-microcode arrived for Ubuntu Bionic https://launchpad.net/ubuntu/+source/intel-microcode
    Code:
    corrado@corrado-p8-bb-0308:~$ apt policy intel-microcode
    intel-microcode:
      Installed: (none)
      Candidate: 3.20180312.0~ubuntu18.04.1
      Version table:
         3.20180312.0~ubuntu18.04.1 500
            500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
    corrado@corrado-p8-bb-0308:~$
    but not automatically installed. Whi?
    it seems ok for my cpu Kaby Lake i3-7100 sig 0x000806e9, pf mask 0xc0, 2018-01-21, rev 0x0084, size 98304
    Should I install it?

  7. #197
    Join Date
    Feb 2008
    Location
    Texas
    Beans
    27,595
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Meltdown and Spectre Discussion Sticky

    Here is a PPA for Ubuntu Security Proposed for the intel to mitigate Spectre, still needs more testing, so use at your own risk.

    https://launchpad.net/~ubuntu-securi...ive/ubuntu/ppa

  8. #198
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    257
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    new intel-microcode on bionic
    Code:
    corrado@corrado-p8-bb-0308:~$ apt policy intel-microcode
    intel-microcode:
      Installed: 3.20180312.0~ubuntu18.04.1
      Candidate: 3.20180312.0~ubuntu18.04.1
      Version table:
     *** 3.20180312.0~ubuntu18.04.1 500
            500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
            100 /var/lib/dpkg/status
    corrado@corrado-p8-bb-0308:~$ sudo ./spectre-meltdown-checker.sh
    [sudo] password for corrado: 
    Spectre and Meltdown mitigation detection tool v0.35
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.15.0-12-generic #13-Ubuntu SMP Thu Mar 8 06:24:47 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  YES 
        * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates STIBP capability:  YES 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 158 stepping 9 ucode 0x84)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  NO 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline, IBPB)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    corrado@corrado-p8-bb-0308:~$

  9. #199
    Join Date
    Jun 2009
    Location
    0:0:0:0:0:0:0:1
    Beans
    4,915
    Distro
    Xubuntu

    Re: Meltdown and Spectre Discussion Sticky

    Quote Originally Posted by 1fallen View Post
    I'm pretty sure we are all in the same state as you are. I have not seen anyone(AMD, Intel, Arm) yet pass these:
    Code:
     CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES
    Even with the new microcode, and Bios Patch's.
    ARM you say lets just test my new RPI 3B+
    correct me if i am wrong, but that part just means the hardware is vulnerable, meaning you should be using a software level patch right?
    Code:
    pi@raspberrypi:/tmp/ram $ sudo sh spectre-meltdown-checker.sh -v
    Spectre and Meltdown mitigation detection tool v0.36
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.9.80-v7+ #1098 SMP Fri Mar 9 19:11:42 GMT 2018 armv7l
    CPU is ARM v7 model 0xd03
    Will use no vmlinux image (accuracy might be reduced)
    Will use no kconfig (accuracy might be reduced)
    Will use System.map file /proc/kallsyms
    We're missing some kernel info (see -v), accuracy might be reduced
    
    Hardware check
    * CPU vulnerability to the three speculative execution attack variants
      * Vulnerable to Variant 1:  NO 
      * Vulnerable to Variant 2:  NO 
      * Vulnerable to Variant 3:  NO 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel has array_index_mask_nospec:  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
    * Kernel has the Red Hat/Ubuntu patch:  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
    * Checking count of LFENCE instructions following a jump in kernel...  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  NO 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
      * Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  NO 
    * PTI enabled and active:  NO 
    * Performance impact if PTI is enabled
      * CPU supports PCID:  NO  (no security impact but performance will be degraded with PTI)
      * CPU supports INVPCID:  NO  (no security impact but performance will be degraded with PTI)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    A false sense of security is worse than no security at all, see --disclaimer
    Here is my desktop, with a BIOS recent BIOS update
    Code:
    Spectre and Meltdown mitigation detection tool v0.36
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.4.0-112-generic #135~14.04.1-Ubuntu SMP Tue Jan 23 20:41:48 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  YES 
        * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates STIBP capability:  YES 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 60 stepping 3 ucode 0x24)
    * CPU vulnerability to the three speculative execution attack variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel has array_index_mask_nospec:  NO 
    * Kernel has the Red Hat/Ubuntu patch:  YES 
    > STATUS:  NOT VULNERABLE  (Kernel source has been patched to mitigate the vulnerability (Red Hat/Ubuntu patch))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  YES 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  YES 
    * Mitigation 2
      * Kernel compiled with retpoline option:  NO 
      * Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  NOT VULNERABLE  (IBRS/IBPB are mitigating the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    here is my laptop (no recent bios update and i do not expect one)
    Code:
    Spectre and Meltdown mitigation detection tool v0.36
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-37-generic #42-Ubuntu SMP Wed Mar 7 14:13:23 UTC 2018 x86_64
    CPU is Intel(R) Pentium(R) CPU B970 @ 2.30GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 42 stepping 7 ucode 0x23)
    * CPU vulnerability to the three speculative execution attack variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Kernel has the Red Hat/Ubuntu patch:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    Laptop: ASUS A54C-NB91 (Storage: WD3200BEKT + MKNSSDCR60GB-DX); Desktop: Custom Build - Images included; rPi Server
    Putting your Networked Printer's scanner software to shame PHP Scanner Server
    I frequently edit my post when I have the last post

  10. #200
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    257
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    On my laptop
    Code:
    corrado@corrado-HP-p4-bb-0319:~$ inxi -SCx
    System:    Host: corrado-HP-p4-bb-0319 Kernel: 4.15.0-13-generic x86_64
               bits: 64 gcc: 7.3.0
               Desktop: Gnome 3.28.0 (Gtk 3.22.29-2ubuntu1)
               Distro: Ubuntu Bionic Beaver (development branch)
    CPU:       Dual core Intel Core i5-4210U (-MT-MCP-) 
               arch: Haswell rev.1 cache: 3072 KB
               flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9577
               clock speeds: max: 2700 MHz 1: 1303 MHz 2: 1446 MHz 3: 1209 MHz
               4: 1422 MHz
    with intel-microcode installed
    Code:
    corrado@corrado-HP-p4-bb-0319:~$ apt policy intel-microcode
    intel-microcode:
      Installed: 3.20180312.0~ubuntu18.04.1
      Candidate: 3.20180312.0~ubuntu18.04.1
      Version table:
     *** 3.20180312.0~ubuntu18.04.1 500
            500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
            100 /var/lib/dpkg/status
    corrado@corrado-HP-p4-bb-0319:~$
    spectre-meltdown-checker gived a strange result:
    Code:
    * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  UNKNOWN 
        * IBRS enabled for User space:  UNKNOWN 
        * IBPB enabled:  UNKNOWN
    Code:
    corrado@corrado-HP-p4-bb-0319:~$ sudo ./spectre-meltdown-checker.sh
    [sudo] password for corrado: 
    Spectre and Meltdown mitigation detection tool v0.36+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.15.0-13-generic #14-Ubuntu SMP Sat Mar 17 13:44:27 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  YES 
        * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates STIBP capability:  YES 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 69 stepping 1 ucode 0x23)
    * CPU vulnerability to the three speculative execution attack variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  UNKNOWN 
        * IBRS enabled for User space:  UNKNOWN 
        * IBPB enabled:  UNKNOWN 
    * Mitigation 2
      * Kernel has branch predictor hardening (ARM):  NO 
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES  (found 'CONFIG_PAGE_TABLE_ISOLATION=y')
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    corrado@corrado-HP-p4-bb-0319:~$

Page 20 of 22 FirstFirst ... 101819202122 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •