Spectre and Meltdown: Not vulnerable

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
User avatar
oligalma
Level 2
Level 2
Posts: 90
Joined: Tue Jan 31, 2017 5:13 am

Spectre and Meltdown: Not vulnerable

Post by oligalma » Thu Feb 22, 2018 8:34 am

I'm writing this post just to say that, after installing the last LM security update, I'm not vulnerable against Spectre or Meldown. Look:

https://snag.gy/UA3JG5.jpg

By the way, I used this tool: https://github.com/speed47/spectre-meltdown-checker

User avatar
Pepi
Level 5
Level 5
Posts: 740
Joined: Wed Nov 18, 2009 7:47 pm

Re: Spectre and Meltdown: Not vulnerable

Post by Pepi » Thu Feb 22, 2018 9:43 am

I checked my system out yesterday and I'm OK now also :mrgreen: GO LINUX TEAM 8)

User avatar
chrisuk
Level 5
Level 5
Posts: 593
Joined: Thu Jun 12, 2008 6:16 am

Re: Spectre and Meltdown: Not vulnerable

Post by chrisuk » Thu Feb 22, 2018 10:01 am

You might want to research the topic before being complacent ;)

AFAIK these are mitigations not fixes. So the risk is lessened, not removed. This won't go away unless and until new CPUs are designed... assuming that it's even possible.
Chris

Manjaro MATE - MX Linux - LMDE MATE

jglen490
Level 4
Level 4
Posts: 255
Joined: Sat Jul 15, 2017 9:57 pm

Re: Spectre and Meltdown: Not vulnerable

Post by jglen490 » Thu Feb 22, 2018 3:39 pm

There are always risks and there are always exploits, but they are not the same. If it wasn't for the fact that someone happened to discover the CPU "features" that then received the cute names of Spectre and Meltdown, we'd still be ignorant of them. Neither Intel nor AMD were forthcoming until the stories started breaking.

The point is, there could be more before it's over. Reduce your exposure by keeping up with kernel and application patches and updates. If you venture out on your own to explore leading/bleeding edge software - especially kernels - just understand your risk. The risk might not be exploited, but it still exists.
I feel more like I do than I did when I got here.
Toshiba A135-S2386, Intel T2080, ATI Radeon® Xpress 200M Chipset, 2GB RAM, 500GB

rene
Level 8
Level 8
Posts: 2389
Joined: Sun Mar 27, 2016 6:58 pm

Re: Spectre and Meltdown: Not vulnerable

Post by rene » Thu Feb 22, 2018 3:48 pm

chrisuk wrote:
Thu Feb 22, 2018 10:01 am
AFAIK these are mitigations not fixes
True for Spectre, but KPTI is an actual fix for Meltdown.

User avatar
trytip
Level 9
Level 9
Posts: 2514
Joined: Tue Jul 05, 2016 1:20 pm

Re: Spectre and Meltdown: Not vulnerable

Post by trytip » Thu Feb 22, 2018 4:54 pm

check again the script was updated to v.35 showing a lot more
Image

User avatar
oligalma
Level 2
Level 2
Posts: 90
Joined: Tue Jan 31, 2017 5:13 am

Re: Spectre and Meltdown: Not vulnerable

Post by oligalma » Fri Feb 23, 2018 6:48 am

trytip wrote:
Thu Feb 22, 2018 4:54 pm
check again the script was updated to v.35 showing a lot more
You are right, I've just downloaded the new version. Thanks!

User avatar
Pepi
Level 5
Level 5
Posts: 740
Joined: Wed Nov 18, 2009 7:47 pm

Re: Spectre and Meltdown: Not vulnerable

Post by Pepi » Thu May 17, 2018 7:54 am

Appears my old IBM computer is getting old :? Linux pepi-HP-Z600-Workstation 4.4.0-124-generic #148-Ubuntu SMP Wed May 2 13:00:18 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
* CPU vulnerability to the three speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES


CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: OSB (observable speculation barrier, Intel v6))
* Kernel has array_index_mask_nospec (x86): NO
* Kernel has the Red Hat/Ubuntu patch: YES
* Kernel has mask_nospec64 (arm): NO
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: NO
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline is mitigating the vulnerability)
IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)

User avatar
absque fenestris
Level 5
Level 5
Posts: 655
Joined: Sat Nov 12, 2016 8:42 pm
Location: Confoederatio Helvetica

Re: Spectre and Meltdown: Not vulnerable

Post by absque fenestris » Thu May 17, 2018 8:48 am

Inspect the script. You never blindly run scripts you downloaded from the Internet, do you?

Of course we did all of them, understood the script, estimated the dangers...
And now:

When you're ready, run the script as root
Linux Mint 18.3 Sylvia (Mate) 32-bit - Acer D250 Netbook (Intel Atom N270, 2 GB RAM, 120 GB SSD)

User avatar
smurphos
Level 8
Level 8
Posts: 2258
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: Spectre and Meltdown: Not vulnerable

Post by smurphos » Thu May 17, 2018 9:09 am

It's safe - it's even made it into the Debian repos - https://packages.debian.org/source/stre ... wn-checker and thus into bionic....https://packages.ubuntu.com/bionic/kern ... wn-checker

Post Reply

Return to “Software & Applications”