
Thread: Meltdown and Spectre Discussion Sticky

  1. #181
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    674
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    On my Artful with the PPA from https://launchpad.net/~canonical-ker..._filter=artful I now have the new kernel 4.13.0-33 with retpoline mitigations.
    Code:
    corrado@corrado-p6-aa:~$ sudo ./Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh
    [sudo] password for corrado: 
    Spectre and Meltdown mitigation detection tool v0.34+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-33-generic #36-Ubuntu SMP Tue Feb 6 20:30:50 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 158 stepping 9 ucode 0x5e)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Checking count of LFENCE instructions following a jump in kernel...  NO  (only 5 jump-then-lfence instructions found, should be >= 30 (heuristic))
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  NO 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
      * Retpoline enabled:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    corrado@corrado-p6-aa:~$

  2. #182
    Join Date
    Feb 2010
    Location
    Obscurial Springs
    Beans
    15,210
    Distro
    Ubuntu Budgie Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Protected after kernel update on 17.10 (proposed enabled).

    Code:
    uname -a
    Linux ubuntu 4.13.0-33-generic #36-Ubuntu SMP Tue Feb 6 20:30:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
    Code:
    Checking for vulnerabilities against running kernel Linux 4.13.0-33-generic #36-Ubuntu SMP Tue Feb 6 20:30:50 UTC 2018 x86_64
    CPU is  Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
    
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    
    A false sense of security is worse than no security at all, see --disclaimer
    "Our intention creates our reality. "

    Ubuntu Documentation Search: Popular Pages
    Ubuntu: Security Basics
    Ubuntu: Flavors

  3. #183
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: Meltdown and Spectre Discussion Sticky

    Xubuntu 18.04 (Proposed enabled)

    Code:
    $ uname -a
    Linux xubuntu 4.15.0-9-generic #10-Ubuntu SMP Thu Feb 8 20:22:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
    Code:
    $ sudo sh spectre-meltdown-checker.sh 
    [sudo] password for xubuntu: 
    Spectre and Meltdown mitigation detection tool v0.21
    
    Checking for vulnerabilities against live running kernel Linux 4.15.0-9-generic #10-Ubuntu SMP Thu Feb 8 20:22:38 UTC 2018 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  YES  (186 opcodes found, which is >= 70)
    > STATUS:  NOT VULNERABLE  (heuristic to be improved when official patches become available)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO 
    *   Kernel support for IBRS:  NO 
    *   IBRS enabled for Kernel space:  NO 
    *   IBRS enabled for User space:  NO 
    * Mitigation 2
    *   Kernel compiled with retpoline option:  YES 
    *   Kernel compiled with a retpoline-aware compiler:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    What do you think I should do now? How do I get rid of this "STATUS: VULNERABLE"?
    Last edited by linuxyogi; February 10th, 2018 at 10:54 AM.
    Lubuntu 20.04

  4. #184
    Join Date
    Feb 2010
    Location
    Obscurial Springs
    Beans
    15,210
    Distro
    Ubuntu Budgie Development Release

    Re: Meltdown and Spectre Discussion Sticky

    What do you think I should do now? How do I get rid of this "STATUS: VULNERABLE"?


    Wait, it took 4 updates for my CPU to be covered.
    "Our intention creates our reality. "


  5. #185
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Originally Posted by Frogs Hair:
    Wait, it took 4 updates for my CPU to be covered.
    +1
    Code:
    sudo sh spectre-meltdown-checker.sh 
    Spectre and Meltdown mitigation detection tool v0.32
    
    Checking for vulnerabilities against running kernel Linux 4.15.2-2-ARCH #1 SMP PREEMPT Thu Feb 8 18:54:52 UTC 2018 x86_64
    CPU is  Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    And:
    Code:
    grep . /sys/devices/system/cpu/vulnerabilities/*
    /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
    /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
    /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags | System-info | Forum Guide lines | Arch Linux, Debian Unstable, FreeBSD
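
The sysfs listing in the post above is the kernel's own verdict, the same one the checker's "/sys interface" lines quote. As an added example (not part of any post in this thread), the function below classifies each entry and returns a non-zero status when anything is not mitigated or the interface is absent; `cpu_vuln_report`, `make_sample_dir` and the `--demo` flag are hypothetical names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify the kernel's per-vulnerability sysfs verdicts.
# cpu_vuln_report [DIR]
#   Prints one "name<TAB>state<TAB>detail" line per file in DIR.
#   Returns 0 if every entry is mitigated or not affected,
#           1 if any entry is vulnerable or unrecognised,
#           2 if DIR is missing (kernel does not expose the interface).
cpu_vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no vulnerabilities interface at $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        line=""
        IFS= read -r line < "$f" || :      # tolerate a missing final newline
        case $line in
            "Not affected"*) state=not_affected; detail="" ;;
            "Mitigation: "*) state=mitigated;    detail=${line#Mitigation: } ;;
            "Vulnerable"*)   state=vulnerable;   detail=${line#Vulnerable}
                             detail=${detail#: }; rc=1 ;;
            *)               state=unknown;      detail=$line; rc=1 ;;
        esac
        printf '%s\t%s\t%s\n' "$name" "$state" "$detail"
    done
    return $rc
}

# Constructed sample directory: meltdown and spectre_v1 use the strings from
# the post above; the spectre_v2 line is supplied by the caller.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf '%s\n' "$1" > "$d/spectre_v2"
    echo "$d"
}

# Offline demo on constructed data: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_dir "Vulnerable: Minimal generic ASM retpoline")
    cpu_vuln_report "$sample"
    echo "exit status: $?"
    rm -rf "$sample"
fi
```

Called with no argument it reads the live `/sys/devices/system/cpu/vulnerabilities` directory, so the exit status can feed a cron job or monitoring check.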

  6. #186
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Meltdown and Spectre Discussion Sticky

    @linuxyogi,

    Patience is a necessary virtue at this time. I am not covered either, nor is practically anyone else:
    Code:
    duckhook@Zeus:~/bin$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.34
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-32-generic #35-Ubuntu SMP Thu Jan 25 09:13:46 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 45 stepping 7 ucode 0x710)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel has array_index_mask_nospec:  NO 
    * Checking count of LFENCE instructions following a jump in kernel:  YES  (65 jump-then-lfence instructions found, which is >= 30 (heuristic))
    > STATUS:  NOT VULNERABLE  (Kernel source has PROBABLY been patched to mitigate the vulnerability (jump-then-lfence instructions heuristic))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  NO 
      * Kernel compiled with a retpoline-aware compiler:  NO 
      * Retpoline enabled:  NO 
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
    In my case, I am running the latest tested kernel for Artful (17.10). You must carefully note that both Frogs Hair and 1fallen are running more dangerous kernels. In Frogs Hair's case, he has proposed turned on. Do not do this unless you are accustomed to living dangerously with possible breakage in other parts of your system. In 1fallen's case, he compiles his own kernels. This yields essentially a customized install that he is on his own to maintain and update. Both of these gentlemen are very skilled Linux experts. You must assess your own level of expertise and decide if the small theoretical exposure posed by Spectre at this time is worth trading for either potential breakage of your system, or continual need to maintain a personally customized system.

  7. #187
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: Meltdown and Spectre Discussion Sticky

    Thanks everyone for the replies. I will simply wait and follow this thread.
    Lubuntu 20.04

  8. #188
    Join Date
    Mar 2006
    Location
    Oxford, OH, USA
    Beans
    1,055
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Meltdown and Spectre Discussion Sticky

    Code:
    $ lsb_release -a
    LSB Version:	core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:printing-9.20160110ubuntu0.2-amd64:printing-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
    Distributor ID:	Ubuntu
    Description:	Ubuntu 16.04.3 LTS
    Release:	16.04
    Codename:	xenial
    Code:
    $ inxi -SCGx
    System:    Host: XXXXX Kernel: 4.13.0-35-generic x86_64 (64 bit gcc: 5.4.0)
               Desktop: Unity 7.4.5 (Gtk 3.18.9-1ubuntu3.3) Distro: Ubuntu 16.04 xenial
    CPU:       Dual core Intel Core i7-7500U (-HT-MCP-) cache: 4096 KB
               flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 11616
               clock speeds: max: 3500 MHz 1: 2900 MHz 2: 2900 MHz 3: 2900 MHz 4: 2900 MHz
    Graphics:  Card: Intel Device 5916 bus-ID: 00:02.0
               Display Server: X.Org 1.19.5 drivers: (unloaded: fbdev,vesa) Resolution: 1920x1080@60.02hz
               GLX Renderer: Mesa DRI Intel HD Graphics 620 (Kaby Lake GT2)
               GLX Version: 3.0 Mesa 18.1.0-devel - padoka PPA Direct Rendering: Yes
    Code:
    Spectre and Meltdown mitigation detection tool v0.34+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-35-generic #39~16.04.1-Ubuntu SMP Mon Feb 12 15:02:37 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 142 stepping 9 ucode 0x62)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Checking count of LFENCE instructions following a jump in kernel:  YES  (70 jump-then-lfence instructions found, which is >= 30 (heuristic))
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
      * Retpoline enabled:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES 
    * PTI enabled and active:  YES 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    A false sense of security is worse than no security at all, see --disclaimer
    ________________________________
    System76 Lemur Laptop
    Ubuntu Xenial Xerus LTS 16.04
    Linux Registered User #434330

  9. #189
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    674
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    New Intel microcode promoted to production: https://newsroom.intel.com/wp-conten...e-guidance.pdf
    How long do we have to wait? Some predictions?

  10. #190
    Join Date
    Dec 2017
    Location
    RockyMts
    Beans
    1,167

    Re: Meltdown and Spectre Discussion Sticky

