Thanks for that! This is my result:

Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-32-generic #35~16.04.1-Ubuntu SMP Thu Jan 25 10:13:43 UTC 2018 x86_64
CPU is AMD Athlon(tm) II X4 620 Processor

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates IBRS capability: NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available: NO
    * CPU indicates IBPB capability: NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates STIBP capability: NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability: NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
  * CPU microcode is known to cause stability problems: NO
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1: YES
  * Vulnerable to Variant 2: YES
  * Vulnerable to Variant 3: NO

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel has array_index_mask_nospec: NO
* Kernel has the Red Hat/Ubuntu patch: YES
> STATUS: NOT VULNERABLE (Kernel source has been patched to mitigate the vulnerability (Red Hat/Ubuntu patch))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support: YES
  * Currently enabled features
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * IBPB enabled: NO
* Mitigation 2
  * Kernel compiled with retpoline option: NO
  * Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (Your kernel is compiled with IBRS but your CPU microcode is lacking support to successfully mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer

Julian

On 18/02/18 20:01, mr meowski wrote:
> On 18/02/18 11:04, Richard Brown wrote:
>> Hi All
>>
>> I have just checked my kernel and it is 4.13.0-32-generic
>>
>> Is it possible to find out whether I need to upgrade please?
>>
>> I am aware of the spectre and meltdown issues and wondered how I might
>> find out:
>>
>> 1. If I should upgrade
>> 2. How I do this manually
>>
>> https://www.kernel.org/
>>
>> I visited the above and I can see the latest stable kernel is 4.15.4.
>> Should I upgrade to this please?
>
> If anyone wants to check their (linux) system specifically for the
> current state of spectre+meltdown mitigation on a given machine then
> have a look here:
>
> https://github.com/speed47/spectre-meltdown-checker
>
> Really simple instructions are as follows:
>
> cd [to some directory where you want to keep this]
> wget meltdown.ovh -O spectre-meltdown-checker.sh
> cat spectre-meltdown-checker.sh
> chmod +x spectre-meltdown-checker.sh
> sudo ./spectre-meltdown-checker.sh
>
> The tool will tell you how your system is currently shaping up.
>
> Handy similar GUI tool for windows:
>
> https://www.grc.com/inspectre.htm
>
> It might be worth pointing out the mitigations are multi-level and not
> just kernel-dependent - parts of user space programs, the kernel, system
> firmware and your compiler all need patching and some (many) systems
> will never get all of those individual bits.
>
> Cheers
-- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq
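
Added example, not part of the original thread or of the spectre-meltdown-checker project: a POSIX shell function that reduces a text report like the one above to one line per CVE plus an exit code, so the result can be tracked across kernel and microcode updates. The function names and the embedded sample (constructed from the report in this thread, trimmed) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: summarise the per-CVE verdicts of a spectre-meltdown-checker
# text report read from stdin. Prints "CVE<TAB>verdict<TAB>reason" per CVE.
# Returns 0 if nothing is VULNERABLE, 1 if something is, 2 if no verdict found.
summarize_checker() {
    awk '
        { gsub(/\033\[[0-9;]*m/, "") }            # drop ANSI colour codes
        /^CVE-[0-9]+-[0-9]+ / { cve = $1; next }   # section header line
        /^> STATUS:/ && cve != "" {
            verdict = $0; reason = ""
            sub(/^> STATUS:[ \t]*/, "", verdict)
            p = index(verdict, "(")                # reason is parenthesised
            if (p > 0) {
                reason = substr(verdict, p + 1)
                sub(/\)[ \t]*$/, "", reason)
                verdict = substr(verdict, 1, p - 1)
            }
            sub(/[ \t]+$/, "", verdict)
            printf "%s\t%s\t%s\n", cve, verdict, reason
            seen++
            if (verdict == "VULNERABLE") bad++
            cve = ""
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the three CVE sections of the report above, trimmed.
sample_report() {
    cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel has the Red Hat/Ubuntu patch: YES
> STATUS: NOT VULNERABLE (Kernel source has been patched to mitigate the vulnerability (Red Hat/Ubuntu patch))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support: YES
> STATUS: VULNERABLE (Your kernel is compiled with IBRS but your CPU microcode is lacking support to successfully mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* PTI enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
EOF
}

# Stand-alone run on the sample; exit status 1 means a CVE is still VULNERABLE.
sample_report | summarize_checker || echo "needs attention (exit $?)"
```

On a real machine the report would be piped in instead of the sample: `sudo ./spectre-meltdown-checker.sh | summarize_checker`.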