ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

[blueredgreen]

blueredgreen, for the microcode update to have an effect:

1) you have to reboot first...and then run dmesg | grep microcode to verify it's date.
2) even then, it might just be that the latest microcode update doesn't yet provide support for your processor; theoritically, it should report a date later then 2017-06-01...

Thank you, I did reboot, I guess I will just keep watching my driver manager for newer updates, as I think it is unlikely my processor is "unaffected".

[thx-1138]

blueredgreen, i3 processors are not unaffected... the flaw affects way much older versions as well:
https://www.intel.com/content/www/us/en ... cts.html#4
Other than that, yes - just keep your system regularly / properly updated (kernel 4.4.0-109 & firefox 57.0.4 have you covered...), install a newer microcode if / when it gets released, and you're set...

[rene]

my cpu is an i3 u 380 and i am not sure if this exact cpu is even affected

That is a mobile first generation Core i3 (Arrandale) and indeed affected. Note that basically any CPU from the last 2 decades is to some degree affected by Spectre -- Intel certainly, AMD more marginally as far as known at this point -- and all CPU's produced by Intel from at least the last decade additionally by Meltdown. I.e., don't feel bad, you have a lot of company.

New microcode for your CPU concerning Meltdown and/or Spectre has not been released yet; only 3rd generation and up. The fact that you do see the 2013 microcode being applied at boot after installing it does mean that said 2013 microcode is both relevant for your CPU and is not yet being applied by your BIOS. You can keep it installed: it no doubt fixes some obscure corner case; read microcode-changelogs and google if interested. You can of course also go verify that a newer BIOS that incorporates that microcode isn't available for your system: if it is, it might have additional fixes/advantages and you wouldn't need Linux to apply the microcode even if you want the fix it brings. Given that you likely up to now hadn't experienced any issue without the 2013 microcode you may of course also elect to not give a hoot...

In any case: no Meltdown/Spectre-mitigating microcode has been released for your CPU yet.

[michael louwe]

@ neversaynever, .......

...

.
According to this link ... https://askubuntu.com/questions/469199/ ... -wont-boot , it could be a Linux kernel bug present from kernel 3.13 onward(= LM 17.x onward). Maybe, your Acer Travelmate 8573T cannot run 64bit Linux due to the kernel bug = stick with Win 7 64bit.

[thx-1138]

...just stumbled upon this while lurking around on phoronix... (ctrl+f, spectre_v2)...

[Harfud]

So...

Another wave of Ubuntu kernel updates this week (should arrive through update manager)

Intel microcode updates for up to ten year old CPUs in the not too distant future, up to five year old mainly already done (should arrive through update manager)

Intel microcode updates for selected over ten year old CPUs once Intel have taken advice from hardware manufacturers as to which ones are still numerous in the field (should arrive through update manager)

Patched Chromium browser to be released 23rd Jan (assumably quickly into repositories for updates) Latest current version Strict-Site-Isolation switchable as a temporary fix.

Latest Firefox version fixed.

Seems very automated for Mint, although I'm needing to update microcode manually with LMDE2.

All credit to the devs I think, this nightmare is coming under control.

[neversaynever]

@ michael louwe.....

@ neversaynever, .......

...

.
According to this link ... https://askubuntu.com/questions/469199/ ... -wont-boot , it could be a Linux kernel bug present from kernel 3.13 onward(= LM 17.x onward). Maybe, your Acer Travelmate 8573T cannot run 64bit Linux due to the kernel bug = stick with Win 7 64bit.

Wow! If that is the problem I think that the only solution is to change the PC with a newer one (with UEFI). I guess that the kernel bug will never be corrected (maybe nobody knows about it even). Do you know a way to be sure about the existence of this kernel bug which seems to affect only my PC ? Or to informe someone of Linux about that ?
Thank you for your patience

[Pjotr]

@ michael louwe.....

According to this link ... https://askubuntu.com/questions/469199/ ... -wont-boot , it could be a Linux kernel bug present from kernel 3.13 onward(= LM 17.x onward). Maybe, your Acer Travelmate 8573T cannot run 64bit Linux due to the kernel bug = stick with Win 7 64bit.

Wow! If that is the problem I think that the only solution is to change the PC with a newer one (with UEFI). I guess that the kernel bug will never be corrected (maybe nobody knows about it even). Do you know a way to be sure about the existence of this kernel bug which seems to affect only my PC ? Or to informe someone of Linux about that ?
Thank you for your patience

I highly doubt that's the problem for you, because that particular bug report is more than three years old and concerns a totally different Ubuntu LTS (14.04).

[michael louwe]

http://www.zdnet.com/article/meltdown-s ... ty-issues/ (Meltdown-Spectre: More businesses warned off patching over stability issues - dated 15 Jan 2018)

[michael louwe]

http://www.zdnet.com/article/meltdown-s ... ter-patch/ (Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch - dated 18 Jan 2018)

http://news.softpedia.com/news/canonica ... 9448.shtml (Canonical Invites Ubuntu Users to Test Kernel Patches for Spectre Security Flaw - dated 18 Jan 2018)

[thx-1138]

http://kroah.com/log/blog/2018/01/19/meltdown-status-2/

[BigEasy]

https://www.bleepingcomputer.com/news/s ... ot-issues/
P.S. still non-existent malware continues to make its victims. It is something like horror movies about zombies.

[Faust]

https://www.bleepingcomputer.com/news/s ... ot-issues/
P.S. still non-existent malware continues to make its victims. It is something like horror movies about zombies.

@BigEasy
Arrhh ..... Thank you !
That's the second time in the past few weeks that I've seen you make a highly intelligent comment on this .

Rushing to patch is a big mistake and risks causing far more harm than good .
There are now reports all over " The Sprawl" about borked systems caused by a rush to apply sub-standard patches ,
both for GNU/Linux , and that other OS .

" Act in haste , repent at leisure " ..... there is still some wisdom in those old sayings

Keep in mind that at this point in time .... THERE IS NO THREAT !
Thus far it is entirely imaginary , and even the proof-of-concept reports are highly speculative and shaky .
I can't find a single real-world exploit that has been reported yet , by any of the reputable security researchers ,
on any of the forums with a strong security focus or on any of the pen-testing websites .
And same goes for the hardware gurus ( eg. Positive Technologies ) .

There is nothing out there .

But there is certainly an epidemic of " Headless Chicken Syndrome " .

Sorry if it's a little bombastic ; I'm posting partly out of fun , partly out of devilment , but mainly
because I believe it to be true .

And I know a few pen-testers who don't mind going to dark places , but I'm told that there is nothing there either .

The time could be better spent searching under the bed for the bogey-man .
The result will be exactly the same ( there's nothing there ) although it may help some folks sleep better ,
and it will definitely NOT bork your system .

[Pjotr]

@Faust: for your amusement and inspiration, here's a translation of an old Dutch saying: "When the calf has drowned, one fills the pit".

Implying: it would have been better to fill the pit before the calf drowned.

[Faust]

@Faust: for your amusement and inspiration, here's a translation of an old Dutch saying: "When the calf has drowned, one fills the pit".

Implying: it would have been better to fill the pit before the calf drowned.

Thanks Pjotr , I was both amused , and even a little inspired

That's similar to an old English one ..... " Shutting the stable door after the horse has bolted "
( Both are farming metaphors , that's interesting ).

Anyway , to stretch that analogy even further ...
What pit ?
There IS no pit .

And if a pit were to appear, then that is the appropriate time to think about filling it in .
If we simply run around filling non-existent pits , we will end up with mounds ,
of s... ...... something .

Either way , the calf is going to be just fine ( unless it falls off a mound of course ) .

And it's Saturday , and it's raining ....

[BigEasy]

@Pjotr. Our saying is: "Do not run so fast to get to hell before parents"

[Arch_Enemy]

Hmmm...when I use iucode-tool, this is what I get for a -S (scan):

iucode-tool: cpuid kernel driver unavailable, cannot scan system processor signatures

[Pjotr]

For testing whether your kernel has been patched against Meltdown, this appears to be a reliable test method:

Code: Select all

dmesg | grep isolation

It should return:

Code: Select all

[    0.000000] Kernel/User page tables isolation: enabled

Earlier unpatched kernels should return nothing at all for that command.

More information:
https://en.wikipedia.org/wiki/Kernel_pa ... _isolation

[ArtGirl]

For testing whether your kernel has been patched against Meltdown, this appears to be a reliable test method:

Code: Select all

dmesg | grep isolation

Earlier unpatched kernels should return nothing at all for that command.

Thanks for the link. Unfortunately, I'm getting nothing show up when running the test, but am running the patched 4.4 and 4.13. Not sure what's happening there.

[Pjotr]

Thanks for the link. Unfortunately, I'm getting nothing show up when running the test, but am running the patched 4.4 and 4.13. Not sure what's happening there.

What does this command give:

Code: Select all

uname -rv