ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
18.3 Sylvia 64, all the other updates done but not seeing the webkit2gtk one that Pyotr mentions. Where do I find it?
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Strange. I have the same version of Chromium as you but Strict site isolation is definitely not shown as an option in chrome://flags. Thanks for your reply but I think I will just wait until a version of Chromium is issued with the fix.phil995511 wrote: On my system with Chronium (63.0.3239.84) and Chrome (63.0.3239.132) this option is present !?
Typein the address bar and press Enter.Code: Select all
chrome://flags
Ctrl+f for seartch Strict site isolation (with out " ") or scroll down the page and find Strict site isolation and press the Enable button.
Version: LM 21.3 64bit Mate "If something is worth doing, it is worth doing for free."
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
It came up in Update Manager. Try refreshing it. If you are using a mirror it may not be updated there yet but should come soon.Pat D wrote:18.3 Sylvia 64, all the other updates done but not seeing the webkit2gtk one that Pyotr mentions. Where do I find it?
Version: LM 21.3 64bit Mate "If something is worth doing, it is worth doing for free."
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Thanks.
Tried several sources, didn't find it. Maybe later.
Tried several sources, didn't find it. Maybe later.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
http://www.amd.com/en/corporate/speculative-execution (dated 11 Jan 2018)
AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks.
-
- Level 4
- Posts: 361
- Joined: Sat Feb 01, 2014 4:06 am
- Location: Geneva (Switzerland)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
He came on 11.01.2018 his exact name is :Pat D wrote:Thanks.
Tried several sources, didn't find it. Maybe later.
libwebkit2gtk-4.0-37
If you do not have it in the history of installed this packages, make sure you have selected the level 4 and 5 of installation packages.
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I installed intel-microcode 3.20180108.0 today via the Driver Manager on a Acer laptop:
After reboot everything worked Ok with no noticeable reduction in performance.
The Spectre CPU Vulnerability Online Checker at http://xlab.tencent.com/special/spectre ... check.html found no Spectre vulnerability.
This is encouraging but I am reluctant to update yet on my Haswell desktop PC because of the unspecified issues reported by some people for these and acknowledged by Intel.
Has anyone experienced problems with this update?
Code: Select all
Machine: System: Acer product: Aspire 5749 v: V1.06
Mobo: Acer model: HMA51_HR Bios: INSYDE v: V1.06 date: 09/29/2011
CPU: Dual core Intel Core i3-2350M (-HT-MCP-) cache: 3072 KB
flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9178
clock speeds: max: 2300 MHz 1: 801 MHz 2: 800 MHz 3: 899 MHz
4: 801 MHz
The Spectre CPU Vulnerability Online Checker at http://xlab.tencent.com/special/spectre ... check.html found no Spectre vulnerability.
This is encouraging but I am reluctant to update yet on my Haswell desktop PC because of the unspecified issues reported by some people for these and acknowledged by Intel.
Has anyone experienced problems with this update?
Version: LM 21.3 64bit Mate "If something is worth doing, it is worth doing for free."
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I don't think i3-2350M have microcode update to mitigate Spectre / Meltdown yet.
check and see if date is at least 2017-07-xx or newer.
check
Code: Select all
dmesg | grep microcode
Linux...
-
- Level 4
- Posts: 361
- Joined: Sat Feb 01, 2014 4:06 am
- Location: Geneva (Switzerland)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I am doing all the updates for an Intel i7 4700HQ and an Intel i7-5960X without the slightest difficulty or problemsTerryphi wrote:I installed intel-microcode 3.20180108.0 today via the Driver Manager on a Acer laptop:
After reboot everything worked Ok with no noticeable reduction in performance.Code: Select all
Machine: System: Acer product: Aspire 5749 v: V1.06 Mobo: Acer model: HMA51_HR Bios: INSYDE v: V1.06 date: 09/29/2011 CPU: Dual core Intel Core i3-2350M (-HT-MCP-) cache: 3072 KB flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9178 clock speeds: max: 2300 MHz 1: 801 MHz 2: 800 MHz 3: 899 MHz 4: 801 MHz
The Spectre CPU Vulnerability Online Checker at http://xlab.tencent.com/special/spectre ... check.html found no Spectre vulnerability.
This is encouraging but I am reluctant to update yet on my Haswell desktop PC because of the unspecified issues reported by some people for these and acknowledged by Intel.
Has anyone experienced problems with this update?
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
-
- Level 4
- Posts: 361
- Joined: Sat Feb 01, 2014 4:06 am
- Location: Geneva (Switzerland)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
In the latest firmware update (20180108), not all files have been updated but only some of them which explains the answer you got.now3by wrote:I don't think i3-2350M have microcode update to mitigate Spectre / Meltdown yet.
checkand see if date is at least 2017-07-xx or newer.Code: Select all
dmesg | grep microcode
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Thanks, phil995511
It was already installed, but I didn't recognize it .
It was already installed, but I didn't recognize it .
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
now3by and phil995511,
This is what I see:
So, if it is not updated it is strange that the tencent checker finds no Spectre vulnerability.
This is what I see:
Code: Select all
$ dmesg | grep microcode
[ 0.000000] microcode: CPU0 microcode updated early to revision 0x29, date = 2013-06-12
[ 0.086598] microcode: CPU2 microcode updated early to revision 0x29, date = 2013-06-12
[ 1.354651] microcode: CPU0 sig=0x206a7, pf=0x10, revision=0x29
[ 1.354669] microcode: CPU1 sig=0x206a7, pf=0x10, revision=0x29
[ 1.354730] microcode: CPU2 sig=0x206a7, pf=0x10, revision=0x29
[ 1.354755] microcode: CPU3 sig=0x206a7, pf=0x10, revision=0x29
[ 1.354911] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
Version: LM 21.3 64bit Mate "If something is worth doing, it is worth doing for free."
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
When I updated Chromium on my Mint 18.3 machines Strict Site Isolation was shown as an option.Terryphi wrote: Strange. I have the same version of Chromium as you but Strict site isolation is definitely not shown as an option in chrome://flags. Thanks for your reply but I think I will just wait until a version of Chromium is issued with the fix.
When I updated Chromium on my LMDE2 machines Strict Site Isolation was not shown as an option.
63.0.3239.84 on Mint 18.3
57.0.2987.98 on LMDE2
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
your 2013 microcode it is not updated to mitigate Spectre & Meltdown for sure.Terryphi wrote:now3by and phil995511,
This is what I see:So, if it is not updated it is strange that the tencent checker finds no Spectre vulnerability.Code: Select all
$ dmesg | grep microcode [ 0.000000] microcode: CPU0 microcode updated early to revision 0x29, date = 2013-06-12 [ 0.086598] microcode: CPU2 microcode updated early to revision 0x29, date = 2013-06-12 [ 1.354651] microcode: CPU0 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354669] microcode: CPU1 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354730] microcode: CPU2 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354755] microcode: CPU3 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354911] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
Careful with that web page & scripts it run...
Linux...
-
- Level 4
- Posts: 361
- Joined: Sat Feb 01, 2014 4:06 am
- Location: Geneva (Switzerland)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Intel does not communicate very clearly on processors whose firmware has been updated. Some will only be patched later in January or February...Terryphi wrote:now3by and phil995511,
This is what I see:So, if it is not updated it is strange that the tencent checker finds no Spectre vulnerability.Code: Select all
$ dmesg | grep microcode [ 0.000000] microcode: CPU0 microcode updated early to revision 0x29, date = 2013-06-12 [ 0.086598] microcode: CPU2 microcode updated early to revision 0x29, date = 2013-06-12 [ 1.354651] microcode: CPU0 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354669] microcode: CPU1 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354730] microcode: CPU2 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354755] microcode: CPU3 sig=0x206a7, pf=0x10, revision=0x29 [ 1.354911] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
On my worksattion (i7-5960) I obtain :
Code: Select all
$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x3b, date = 2017-11-17
[ 9.197312] microcode: sig=0x306f2, pf=0x4, revision=0x3b
[ 9.197402] microcode: Microcode Update Driver: v2.2.
Code: Select all
$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x23, date = 2017-11-20
[ 0.823560] microcode: sig=0x306c3, pf=0x20, revision=0x23
[ 0.823688] microcode: Microcode Update Driver: v2.2.
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
-
- Level 4
- Posts: 361
- Joined: Sat Feb 01, 2014 4:06 am
- Location: Geneva (Switzerland)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Fortunately only with physical access to the computer
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
-
- Level 4
- Posts: 361
- Joined: Sat Feb 01, 2014 4:06 am
- Location: Geneva (Switzerland)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Chrome 64, update planned for January 23, will completely address the security hole.Harfud wrote:When I updated Chromium on my Mint 18.3 machines Strict Site Isolation was shown as an option.Terryphi wrote: Strange. I have the same version of Chromium as you but Strict site isolation is definitely not shown as an option in chrome://flags. Thanks for your reply but I think I will just wait until a version of Chromium is issued with the fix.
When I updated Chromium on my LMDE2 machines Strict Site Isolation was not shown as an option.
63.0.3239.84 on Mint 18.3
57.0.2987.98 on LMDE2
https://www.macg.co/materiel/2018/01/me ... 4#concerne
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ Terryphi, .......
The TenCent link is the Browser Spectre Vulnerability online Checker.
To fully mitigate against Spectre1(= CVE-2017-5753), both the browser and OS have to be patched. Most major browsers have been patched. Windows has been patched. Seems, Linux has not been patched.
To fully mitigate against Spectre2(CVE-2017-5715), both the OS kernel and CPU need to be patched. On the OS side, Windows has been patched. Red Hat Ent and Suse Ent have been patched. Seems, some Linux distros, eg Ubuntu, have not been patched.
... On the CPU side, Intel have just released Linux microcode and Windows/MacOS BIOS firmware patches on 8 Jan 2018 but only for processors from 3rd-gen Haswell(= 2012) onward.
Please refer to this link to check for Linux vulnerability to Meltdown & Spectre by just using the Terminal ... https://www.ghacks.net/2018/01/11/check ... erability/
... I ran this Linux checker on my Intel Core2Duo processor and it is not vulnerable to the Spectre1(CVE-2017-5753) bug. Seems, older processors are not vulnerable to this bug.(less branch prediction and speculative execution.?)
.Terryphi wrote:...
The TenCent link is the Browser Spectre Vulnerability online Checker.
To fully mitigate against Spectre1(= CVE-2017-5753), both the browser and OS have to be patched. Most major browsers have been patched. Windows has been patched. Seems, Linux has not been patched.
To fully mitigate against Spectre2(CVE-2017-5715), both the OS kernel and CPU need to be patched. On the OS side, Windows has been patched. Red Hat Ent and Suse Ent have been patched. Seems, some Linux distros, eg Ubuntu, have not been patched.
... On the CPU side, Intel have just released Linux microcode and Windows/MacOS BIOS firmware patches on 8 Jan 2018 but only for processors from 3rd-gen Haswell(= 2012) onward.
Please refer to this link to check for Linux vulnerability to Meltdown & Spectre by just using the Terminal ... https://www.ghacks.net/2018/01/11/check ... erability/
... I ran this Linux checker on my Intel Core2Duo processor and it is not vulnerable to the Spectre1(CVE-2017-5753) bug. Seems, older processors are not vulnerable to this bug.(less branch prediction and speculative execution.?)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Not so fast with microcode update, Intel failed again:
https://support.lenovo.com/pl/en/solutions/len-18282
https://support.lenovo.com/pl/en/solutions/len-18282
Withdrawn CPU Microcode Updates: Intel provides to Lenovo the CPU microcode updates required to address Variant 2, which Lenovo then incorporates into BIOS/UEFI firmware. Intel recently notified Lenovo of quality issues in two of these microcode updates, and concerns about one more. These are marked in the product tables with “Earlier update X withdrawn by Intel” and a footnote reference to one of the following:
*1 – (Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep (S3) cycling. If you have already applied the firmware update and experience hangs during sleep/wake, please flash back to the previous BIOS/UEFI level, or disable sleep (S3) mode on your system; and then apply the improved update when it becomes available. If you have not already applied the update, please wait until the improved firmware level is available.
*2 – (Broadwell E) Symptom: Intermittent blue screen during system restart. If you have already applied the update, Intel suggests continuing to use the firmware level until an improved one is available. If you have not applied the update, please wait until the improved firmware level is available.
*3 – (Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults, which they are currently investigating. Out of an abundance of caution, Intel requested Lenovo to stop distributing this firmware.
Variant 1: Bounds check bypass (CVE-2017-5753)
Requires operating system updates
May require driver and/or application updates
Vulnerable to Spectre attack
Variant 2: Branch target injection (CVE-2017-5715)
Requires processor microcode updates
Requires operating system updates
May require driver and/or application updates
Vulnerable to Spectre attack
Variant 3: Rogue data cache load (CVE-2017-5754)
Requires operating system updates
Vulnerable to Meltdown attack
Linux...