Linux Mint Forums

DAMIEN1307 wrote: ⤴Tue May 22, 2018 10:54 am It is now officially known as Spectre variant 3a and Spectre variant 4...following article discusses just which CPUs are vulnerable and once again telling us about staying up to date on microcode updates as well as any update patches to come...note also that atom processors are now also included...thus far only Intel processors seem to be affected but we all know by now that the experts will probably find out that the other manufacturers products may soon join the list...more fun to come...lol...DAMIEN

DAMIEN1307 wrote: ⤴Tue May 22, 2018 3:58 pm Hi stephanie...that microcode in your driver manager is the latest one released thru the mint updater and recommended for your system...i always install the most up to date microcode recommended and have never had a failure...yes your system is "chirping" right along with the existing microcode, however this newest one has new "mitigation" code re-written within it to mitigate vulnerabilities found in your Intel CPU chipset...this should be installed as well as any updates that will be forthcoming from the linux mint update manager...DAMIEN

run this code to check your microcode version, dont panic if nothing shows up, it just means that you have what came installed and have probably never updated it...after installing and REBOOTING your computer, run the code again and it should show up.

dpkg -l | grep microcode


after you have done the above, run this code, the last word in the terminal after running this should say "patched"

grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"


and lastly, run this code in your terminal and it will show that mitigations have been applied

grep . /sys/devices/system/cpu/vulnerabilities/*

KBD47 wrote: ⤴Wed May 23, 2018 12:19 pm Am I right in understanding that javascript is primarily how these problems will affect user's computers?

DAMIEN1307 wrote: ⤴Wed May 23, 2018 5:24 am hi stephanie...let us know how you make out with this...DAMIEN

ps-is The Governor Massey Inn in downtown Toronto still in business?

sps@spsMini ~ $ dpkg -l | grep microcode
ii  intel-microcode    3.20180425.1~ubuntu0.16.04.1   amd64   Processor microcode firmware for Intel CPUs
ii  iucode-tool          1.5.1-1ubuntu0.1                        amd64   Intel processor microcode tool

sps@spsMini ~ $ grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
CONFIG_PAGE_TABLE_ISOLATION=y
patched

sps@spsMini ~ $ grep . /sys/devices/system/cpu/vulnerabilities/* 
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB (Intel v4)

rene wrote: ⤴Wed May 23, 2018 1:29 pm No. This family of vulnerabilities require fairly involved code executing on your computer to exploit. As part of a piece of malware already on your system or, as the only way in which Javascript entered into this at all, as part of for example Javascript code executing on your system by your browser when visiting a malicious site.

Seeing as how you can to a large degree defend against locally installed malware yourself simply by not installing it, the web-based attack vector got the most attention but with the mitigations implemented by browsers (denying code easy access to high resolution timers, needed for the exploit) that threat is in fact at this point probably least likely.

And that's saying something especially on Linux: with the lack of serious malware for Linux out there you'd need to go out and try really hard to get exploited by any of this...

KBD47 wrote: ⤴Wed May 23, 2018 2:18 pm I just wonder if users keep their browsers updated, stick to software in the repositories, and don't download sketchy programs, how big a threat is it?