Hello,
On 16.04.3 LTS, most recent kernel in proposed (4.13.0-31-generic) now boots.
Code:
$ inxi -SCGx
System: Host: XXXXXXXXX Kernel: 4.13.0-31-generic x86_64 (64 bit gcc: 5.4.0)
Desktop: Unity 7.4.5 (Gtk 3.18.9-1ubuntu3.3)
Distro: Ubuntu 16.04 xenial
CPU: Dual core Intel Core i7-7500U (-HT-MCP-) cache: 4096 KB
flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 11616
clock speeds: max: 3500 MHz 1: 2900 MHz 2: 2900 MHz 3: 2900 MHz
4: 2900 MHz
Graphics: Card: Intel Device 5916 bus-ID: 00:02.0
Display Server: X.Org 1.19.5 drivers: (unloaded: fbdev,vesa)
Resolution: 1920x1080@60.02hz, 1920x1080@60.00hz
GLX Renderer: Mesa DRI Intel HD Graphics 620 (Kaby Lake GT2)
GLX Version: 3.0 Mesa 17.3.2 - padoka PPA Direct Rendering: Yes
Code:
$ sudo ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.31
Checking for vulnerabilities against running kernel Linux 4.13.0-31-generic #34~16.04.1-Ubuntu SMP Fri Jan 19 17:11:01 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: YES
> STATUS: NOT VULNERABLE (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation
* The SPEC_CTRL MSR is available: NO
* The SPEC_CTRL CPUID feature bit is set: NO
* Kernel support for IBRS: YES
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Checking if we're running under Xen PV (64 bits): NO
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
A false sense of security is worse than no security at all, see --disclaimer
Bookmarks