ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Pat D

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pat D »

18.3 Sylvia 64, all the other updates done but not seeing the webkit2gtk one that Pyotr mentions. Where do I find it?
Terryphi
Level 4
Posts: 254
Joined: Mon Jun 06, 2011 6:30 am
Location: West Wales. UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Terryphi »

phil995511 wrote: On my system with Chromium (63.0.3239.84) and Chrome (63.0.3239.132) this option is present !?

Type

Code: Select all

chrome://flags
in the address bar and press Enter.
Ctrl+f to search for Strict site isolation (without " ") or scroll down the page and find Strict site isolation and press the Enable button.
Strange. I have the same version of Chromium as you but Strict site isolation is definitely not shown as an option in chrome://flags. Thanks for your reply but I think I will just wait until a version of Chromium is issued with the fix.
Version: LM 21.3 64bit Mate "If something is worth doing, it is worth doing for free."
Terryphi

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Terryphi »

Pat D wrote:18.3 Sylvia 64, all the other updates done but not seeing the webkit2gtk one that Pyotr mentions. Where do I find it?
It came up in Update Manager. Try refreshing it. If you are using a mirror it may not be updated there yet but should come soon.
Pat D

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pat D »

Thanks.
Tried several sources, didn't find it. Maybe later.
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

http://www.amd.com/en/corporate/speculative-execution (dated 11 Jan 2018)
AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks.
phil995511
Level 4
Posts: 361
Joined: Sat Feb 01, 2014 4:06 am
Location: Geneva (Switzerland)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 »

Pat D wrote:Thanks.
Tried several sources, didn't find it. Maybe later.
It came on 11.01.2018; its exact name is:

libwebkit2gtk-4.0-37

If you do not have it in the history of installed packages, make sure you have selected levels 4 and 5 of installation packages.
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
Terryphi

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Terryphi »

I installed intel-microcode 3.20180108.0 today via the Driver Manager on an Acer laptop:

Code: Select all

Machine:   System: Acer product: Aspire 5749 v: V1.06
           Mobo: Acer model: HMA51_HR Bios: INSYDE v: V1.06 date: 09/29/2011
CPU:       Dual core Intel Core i3-2350M (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9178
           clock speeds: max: 2300 MHz 1: 801 MHz 2: 800 MHz 3: 899 MHz
           4: 801 MHz
After reboot everything worked Ok with no noticeable reduction in performance.
The Spectre CPU Vulnerability Online Checker at http://xlab.tencent.com/special/spectre ... check.html found no Spectre vulnerability.
This is encouraging but I am reluctant to update yet on my Haswell desktop PC because of the unspecified issues reported by some people for these and acknowledged by Intel.

Has anyone experienced problems with this update?
now3by
Level 2
Posts: 68
Joined: Mon Jan 23, 2017 1:56 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by »

I don't think the i3-2350M has a microcode update to mitigate Spectre / Meltdown yet.
Check

Code: Select all

dmesg | grep microcode
and see if date is at least 2017-07-xx or newer.
Linux...
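
The date check described in the post above, as an added example that is not part of the original thread. The function names `microcode_status` and `sample_log` are hypothetical, and reading "2017-07-xx" as a cutoff of 2017-07-01 is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): apply the date check described above
# to `dmesg` output. Function names and the exact cutoff day are assumptions.

CUTOFF_DEFAULT="2017-07-01"   # assumption: "2017-07-xx" taken as 1 July 2017

# Reads kernel log text on stdin. Prints one line per distinct
# (revision, date) pair: "OLD <rev> <date>" or "RECENT <rev> <date>".
# Prints "UNKNOWN" when the log records no dated microcode update
# (only sig/revision lines), so the date cannot be judged from dmesg.
microcode_status() {
    cutoff="${1:-$CUTOFF_DEFAULT}"
    awk -v cutoff="$cutoff" '
        /microcode/ && /date = [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/ {
            rev = "?"; date = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "revision") { rev = $(i + 1); sub(/,$/, "", rev) }
                if ($i == "date")     { date = $(i + 2) }  # skip the "=" field
            }
            key = rev " " date
            if (!(key in seen)) {          # CPUs usually share one revision
                seen[key] = 1
                # ISO dates order correctly as plain strings
                status = ((date "") < (cutoff "")) ? "OLD" : "RECENT"
                print status, rev, date
                found = 1
            }
        }
        END { if (!found) print "UNKNOWN" }
    '
}

# Constructed sample input in the kernel's log format, so this runs offline.
sample_log() {
    cat <<'EOF'
[    0.000000] microcode: CPU0 microcode updated early to revision 0x29, date = 2013-06-12
[    0.086598] microcode: CPU2 microcode updated early to revision 0x29, date = 2013-06-12
[    1.354651] microcode: CPU0 sig=0x206a7, pf=0x10, revision=0x29
EOF
}

sample_log | microcode_status
# On a live system: dmesg | microcode_status
```

A RECENT result shows only that newer microcode was loaded; it does not by itself confirm which mitigations that revision carries.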
phil995511

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 »

Terryphi wrote: I installed intel-microcode 3.20180108.0 today via the Driver Manager on an Acer laptop:

Code: Select all

Machine:   System: Acer product: Aspire 5749 v: V1.06
           Mobo: Acer model: HMA51_HR Bios: INSYDE v: V1.06 date: 09/29/2011
CPU:       Dual core Intel Core i3-2350M (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9178
           clock speeds: max: 2300 MHz 1: 801 MHz 2: 800 MHz 3: 899 MHz
           4: 801 MHz
After reboot everything worked Ok with no noticeable reduction in performance.
The Spectre CPU Vulnerability Online Checker at http://xlab.tencent.com/special/spectre ... check.html found no Spectre vulnerability.
This is encouraging but I am reluctant to update yet on my Haswell desktop PC because of the unspecified issues reported by some people for these and acknowledged by Intel.

Has anyone experienced problems with this update?
I am doing all the updates for an Intel i7 4700HQ and an Intel i7-5960X without the slightest difficulty or problems
phil995511

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 »

now3by wrote: I don't think the i3-2350M has a microcode update to mitigate Spectre / Meltdown yet.
Check

Code: Select all

dmesg | grep microcode
and see if date is at least 2017-07-xx or newer.
In the latest firmware update (20180108), not all files have been updated but only some of them which explains the answer you got.
Pat D

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pat D »

Thanks, phil995511

It was already installed, but I didn't recognize it. :D
Terryphi

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Terryphi »

now3by and phil995511,
This is what I see:

Code: Select all

 $ dmesg | grep microcode
[    0.000000] microcode: CPU0 microcode updated early to revision 0x29, date = 2013-06-12
[    0.086598] microcode: CPU2 microcode updated early to revision 0x29, date = 2013-06-12
[    1.354651] microcode: CPU0 sig=0x206a7, pf=0x10, revision=0x29
[    1.354669] microcode: CPU1 sig=0x206a7, pf=0x10, revision=0x29
[    1.354730] microcode: CPU2 sig=0x206a7, pf=0x10, revision=0x29
[    1.354755] microcode: CPU3 sig=0x206a7, pf=0x10, revision=0x29
[    1.354911] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
So, if it is not updated it is strange that the tencent checker finds no Spectre vulnerability.
Harfud
Level 2
Posts: 90
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud »

Terryphi wrote: Strange. I have the same version of Chromium as you but Strict site isolation is definitely not shown as an option in chrome://flags. Thanks for your reply but I think I will just wait until a version of Chromium is issued with the fix.
When I updated Chromium on my Mint 18.3 machines Strict Site Isolation was shown as an option.

When I updated Chromium on my LMDE2 machines Strict Site Isolation was not shown as an option.

63.0.3239.84 on Mint 18.3

57.0.2987.98 on LMDE2
now3by

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by »

Terryphi wrote:now3by and phil995511,
This is what I see:

Code: Select all

 $ dmesg | grep microcode
[    0.000000] microcode: CPU0 microcode updated early to revision 0x29, date = 2013-06-12
[    0.086598] microcode: CPU2 microcode updated early to revision 0x29, date = 2013-06-12
[    1.354651] microcode: CPU0 sig=0x206a7, pf=0x10, revision=0x29
[    1.354669] microcode: CPU1 sig=0x206a7, pf=0x10, revision=0x29
[    1.354730] microcode: CPU2 sig=0x206a7, pf=0x10, revision=0x29
[    1.354755] microcode: CPU3 sig=0x206a7, pf=0x10, revision=0x29
[    1.354911] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
So, if it is not updated it is strange that the tencent checker finds no Spectre vulnerability.
Your 2013 microcode is not updated to mitigate Spectre & Meltdown, for sure.
Careful with that web page & the scripts it runs...
phil995511

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 »

Terryphi wrote:now3by and phil995511,
This is what I see:

Code: Select all

 $ dmesg | grep microcode
[    0.000000] microcode: CPU0 microcode updated early to revision 0x29, date = 2013-06-12
[    0.086598] microcode: CPU2 microcode updated early to revision 0x29, date = 2013-06-12
[    1.354651] microcode: CPU0 sig=0x206a7, pf=0x10, revision=0x29
[    1.354669] microcode: CPU1 sig=0x206a7, pf=0x10, revision=0x29
[    1.354730] microcode: CPU2 sig=0x206a7, pf=0x10, revision=0x29
[    1.354755] microcode: CPU3 sig=0x206a7, pf=0x10, revision=0x29
[    1.354911] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
So, if it is not updated it is strange that the tencent checker finds no Spectre vulnerability.
Intel does not communicate very clearly on processors whose firmware has been updated. Some will only be patched later in January or February...

On my workstation (i7-5960) I obtain:

Code: Select all

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x3b, date = 2017-11-17
[    9.197312] microcode: sig=0x306f2, pf=0x4, revision=0x3b
[    9.197402] microcode: Microcode Update Driver: v2.2.
On my laptop (i7 4700HQ) I obtain:

Code: Select all

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x23, date = 2017-11-20
[    0.823560] microcode: sig=0x306c3, pf=0x20, revision=0x23
[    0.823688] microcode: Microcode Update Driver: v2.2.
http://xlab.tencent.com/special/spectre ... check.html says "Your browser is NOT VULNERABLE to Spectre"
phil995511

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 »

Pat D wrote:Oh boy. Another issue for Intel.

https://arstechnica.com/information-tec ... -firmware/
Fortunately only with physical access to the computer :)
phil995511

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 »

Harfud wrote:
Terryphi wrote: Strange. I have the same version of Chromium as you but Strict site isolation is definitely not shown as an option in chrome://flags. Thanks for your reply but I think I will just wait until a version of Chromium is issued with the fix.
When I updated Chromium on my Mint 18.3 machines Strict Site Isolation was shown as an option.

When I updated Chromium on my LMDE2 machines Strict Site Isolation was not shown as an option.

63.0.3239.84 on Mint 18.3

57.0.2987.98 on LMDE2
Chrome 64, update planned for January 23, will completely address the security hole.

https://www.macg.co/materiel/2018/01/me ... 4#concerne
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ Terryphi, .......
Terryphi wrote:...
.
The TenCent link is the Browser Spectre Vulnerability online Checker.

To fully mitigate against Spectre1 (= CVE-2017-5753), both the browser and OS have to be patched. Most major browsers have been patched. Windows has been patched. Seems Linux has not been patched.

To fully mitigate against Spectre2 (CVE-2017-5715), both the OS kernel and CPU need to be patched. On the OS side, Windows has been patched. Red Hat Ent and Suse Ent have been patched. Seems some Linux distros, e.g. Ubuntu, have not been patched.
... On the CPU side, Intel has just released Linux microcode and Windows/MacOS BIOS firmware patches on 8 Jan 2018, but only for processors from 3rd-gen Haswell (= 2012) onward.

Please refer to this link to check for Linux vulnerability to Meltdown & Spectre by just using the Terminal ... https://www.ghacks.net/2018/01/11/check ... erability/
... I ran this Linux checker on my Intel Core2Duo processor and it is not vulnerable to the Spectre1 (CVE-2017-5753) bug. Seems older processors are not vulnerable to this bug (less branch prediction and speculative execution?).
now3by

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by »

Not so fast with microcode update, Intel failed again:
https://support.lenovo.com/pl/en/solutions/len-18282
Withdrawn CPU Microcode Updates: Intel provides to Lenovo the CPU microcode updates required to address Variant 2, which Lenovo then incorporates into BIOS/UEFI firmware. Intel recently notified Lenovo of quality issues in two of these microcode updates, and concerns about one more. These are marked in the product tables with “Earlier update X withdrawn by Intel” and a footnote reference to one of the following:

*1 – (Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep (S3) cycling. If you have already applied the firmware update and experience hangs during sleep/wake, please flash back to the previous BIOS/UEFI level, or disable sleep (S3) mode on your system; and then apply the improved update when it becomes available. If you have not already applied the update, please wait until the improved firmware level is available.

*2 – (Broadwell E) Symptom: Intermittent blue screen during system restart. If you have already applied the update, Intel suggests continuing to use the firmware level until an improved one is available. If you have not applied the update, please wait until the improved firmware level is available.

*3 – (Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults, which they are currently investigating. Out of an abundance of caution, Intel requested Lenovo to stop distributing this firmware.

Variant 1: Bounds check bypass (CVE-2017-5753)
Requires operating system updates
May require driver and/or application updates
Vulnerable to Spectre attack

Variant 2: Branch target injection (CVE-2017-5715)
Requires processor microcode updates
Requires operating system updates
May require driver and/or application updates
Vulnerable to Spectre attack

Variant 3: Rogue data cache load (CVE-2017-5754)
Requires operating system updates
Vulnerable to Meltdown attack