I have updated my system, then I downloaded a script for detecting meltdown and spectre (https://github.com/speed47/spectre-melt ... r/releases) and the report is: <<... Checking for vulnerabilities against running kernel Linux 4.13.0-1-amd64 #1 SMP Debian 4.13.13-1mx17 (2017-11-18) x86_64
CPU is Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)
A false sense of security is worse than no security at all, see --disclaimer ...>>
also: Found linuxfs file linuxfs in directory /antiX
Found:
1 total live kernel (4.13.0-1-amd64)
1 default live kernel (4.13.0-1-amd64)
0 old live kernels
1 total installed kernel (4.13.0-1-amd64)
0 new installed kernels
No new kernels were found
What can I do?
meltdown and spectre
Re: meltdown and spectre
Production: 5.10, MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: Lenovo X1 Carbon with MX-23 Fluxbox and Windows 10
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin
Re: meltdown and spectre
As previously announced on the antiX forums:
https://www.antixforum.com/spectre-and- ... -upgrades/
The available kernels for antiX-17 with meltdown/spectre patches are 4.14.12 and 4.9.75
The available kernels for antiX-16 with meltdown/spectre patches are the 4.9.75.antix.2 kernel now in jessie repo, the 4.4.109 kernel built from Ubuntu source, or the patched Debian kernel (3.16.0-5)
Keep in mind that there are not yet kernel patches available anywhere for all spectre variants and it may be some time before there are.
HP Pavillion TP01, AMD Ryzen 3 5300G (quad core), Crucial 500GB SSD, Toshiba 6TB 7200rpm
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB
Re: meltdown and spectre
Oops, didn't see that it was in the antiX forum.
Re: meltdown and spectre
timkb4cq wrote: Keep in mind that there are not yet kernel patches available anywhere for all spectre variants and it may be some time before there are.
Tim, I have the same as you when using Spectre and Meltdown mitigation detection tool v0.27, but you may find that 2 out of 3 are VULNERABLE when using Spectre and Meltdown mitigation detection tool v0.30.
I have the same results with each version of the tool after updating to kernel Linux 4.9.0-0.bpo.5-amd64 from kernel Linux 4.7.0-0.bpo.1-amd64. As shown here:
Code:
$ sudo ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.27
Checking for vulnerabilities against live running kernel Linux 4.9.0-0.bpo.5-amd64 #1 SMP Debian 4.9.65-3+deb9u2~bpo8+1 (2017-01-05) x86_64
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 25 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
A false sense of security is worse than no security at all, see --disclaimer
$ sudo ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.30
Checking for vulnerabilities against running kernel Linux 4.9.0-0.bpo.5-amd64 #1 SMP Debian 4.9.65-3+deb9u2~bpo8+1 (2017-01-05) x86_64
CPU is AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 25 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation
* The SPEC_CTRL MSR is available: NO
* The SPEC_CTRL CPUID feature bit is set: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
A false sense of security is worse than no security at all, see --disclaimer
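The comparison the post above makes by eye can be scripted. This is an added example, not part of the original post or of the spectre-meltdown-checker project: it reduces two saved reports to their per-CVE verdicts and lists the ones that differ. The function names `verdicts` and `changed_verdicts` and the sample file names are assumptions, and the sample reports are constructed from the CVE and STATUS lines quoted above.

```shell
#!/bin/sh
# Added example: compare the per-CVE verdicts of two saved checker reports.

# verdicts FILE: print "CVE<TAB>VERDICT" for each CVE section in the report.
verdicts() {
    awk '
        $1 ~ /^CVE-[0-9]+-[0-9]+$/ { cve = $1; next }   # section header line
        /STATUS:/ && cve != "" {
            s = $0
            sub(/^.*STATUS:[ \t]*/, "", s)   # keep the text after STATUS:
            sub(/[ \t]*\(.*$/, "", s)        # drop the trailing (reason)
            print cve "\t" s
            cve = ""
        }' "$1"
}

# changed_verdicts OLD NEW: print "CVE: old -> new" where the verdict differs.
changed_verdicts() {
    { verdicts "$1"; echo "--"; verdicts "$2"; } | awk -F '\t' '
        $0 == "--" { second = 1; next }      # separator between the reports
        !second { was[$1] = $2; next }       # remember the OLD verdicts
        ($1 in was) && was[$1] != $2 { print $1 ": " was[$1] " -> " $2 }'
}

# Constructed sample files: header and STATUS lines from the two runs above.
sample_dir=$(mktemp -d)
cat > "$sample_dir/v0.27.txt" <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 25 opcodes found, should be >= 70)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
EOF
cat > "$sample_dir/v0.30.txt" <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 25 opcodes found, should be >= 70)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
EOF

changed_verdicts "$sample_dir/v0.27.txt" "$sample_dir/v0.30.txt"
```

A verdict that changes between tool versions on the same kernel reflects a change in the tool's detection logic, so record the tool version alongside each saved report.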
Re: meltdown and spectre
Jerry3904 wrote: Oops, didn't see that it was in the antiX forum.
Yet the OP's results are from the MX kernel, not one of antiX's. There's some wires crossed somewhere...
I think the recent intel-microcode update would have changed one of the Spectre results, too. Maybe that hasn't been applied yet?
Re: meltdown and spectre
Stevo wrote:
Jerry3904 wrote: Oops, didn't see that it was in the antiX forum.
Yet the OP's results are from the MX kernel, not one of antiX's. There's some wires crossed somewhere...
I think the recent intel-microcode update would have changed one of the Spectre results, too. Maybe that hasn't been applied yet?

Oops, sorry I put it in the wrong thread as I was going back and forth between two. Was just trying to show that there are different results between versions of the script.
Here is my APT History, note the two intel-microcode updates.
Code:
2018-01-14 09:42:07 remove linux-image-amd64 amd64 4.9+80+deb9u2~bpo8+2 <none>
2018-01-14 09:42:07 remove linux-headers-amd64 amd64 4.9+80+deb9u2~bpo8+2 <none>
2018-01-14 09:38:21 upgrade linux-image-amd64 amd64 4.9+80+deb9u2~bpo8+2 4.9+80+deb9u2~bpo8+2
2018-01-14 09:38:20 upgrade linux-headers-amd64 amd64 4.9+80+deb9u2~bpo8+2 4.9+80+deb9u2~bpo8+2
2018-01-14 09:36:56 install linux-image-amd64 amd64 <none> 4.9+80+deb9u2~bpo8+2
2018-01-14 09:36:51 install linux-image-4.9.0-0.bpo.5-amd64 amd64 <none> 4.9.65-3+deb9u2~bpo8+1
2018-01-14 09:36:50 install linux-headers-amd64 amd64 <none> 4.9+80+deb9u2~bpo8+2
2018-01-14 09:36:48 install linux-kbuild-4.9 amd64 <none> 4.9.65-3+deb9u2~bpo8+1
2018-01-14 09:36:48 install linux-headers-4.9.0-0.bpo.5-amd64 amd64 <none> 4.9.65-3+deb9u2~bpo8+1
2018-01-14 09:36:42 install linux-headers-4.9.0-0.bpo.5-common all <none> 4.9.65-3+deb9u2~bpo8+1
2018-01-14 09:32:47 upgrade mx-packageinstaller-pkglist all 18.01mx16 18.02mx16
2018-01-14 09:32:46 upgrade smtube amd64 17.5.0-0mx150+1 18.1.0+4.1
2018-01-14 09:32:45 upgrade cli-shell-utils all 0.3.4 0.3.5
2018-01-14 09:32:45 install libqt5script5 amd64 <none> 5.3.2+dfsg-2
2018-01-13 09:30:21 upgrade python-libxml2 amd64 2.9.1+dfsg1-5+deb8u5 2.9.1+dfsg1-5+deb8u6
2018-01-13 09:30:21 upgrade intel-microcode amd64 3.20171215.1~mx15+1 3.20180108.1~mx15+1
2018-01-13 09:30:20 upgrade libxml2 amd64 2.9.1+dfsg1-5+deb8u5 2.9.1+dfsg1-5+deb8u6
2018-01-13 09:30:19 upgrade libxml2 i386 2.9.1+dfsg1-5+deb8u5 2.9.1+dfsg1-5+deb8u6
2018-01-12 08:03:11 upgrade xfce4-whiskermenu-plugin amd64 1:1.7.3-1mx15+1 1:1.7.5-0.1~mx15+1
2018-01-12 08:03:10 upgrade live-usb-maker-gui all 0.2.2 0.2.3
2018-01-11 08:00:30 upgrade intel-microcode amd64 3.20170707.1mx15+1 3.20171215.1~mx15+1
Re: meltdown and spectre
This is one guy posting on the Alpine Linux developer boards, but it's distressing for older kernels if it's true:
https://lists.alpinelinux.org/alpine-devel/6022.html
Re: meltdown and spectre