Still exploring . Trying a Ubuntu version later than 109 < 111 > that is supposed to be newer for this snafu
Code: Select all
harry@biker:~
$ inxi -S
System: Host: biker Kernel: 4.4.11-040411-generic i686 bits: 32 Desktop: IceWM 1.3.8
Distro: antiX-15-V_386-full Killah P 30 June 2015
harry@biker:~
$ inxi -M
Machine: Device: laptop System: LENOVO product: 2347DS2 v: ThinkPad T430 serial: N/A
Mobo: LENOVO model: 2347DS2 serial: N/A
UEFI [Legacy]: LENOVO v: G1ET41WW (1.16 ) date: 05/25/2012
At least the i386 kernel picks up my 16 gig of ram
Code: Select all
Info: Processes: 174 Uptime: 9 min Memory: 414.5/15934.1MB
But Adrian is right about this one. Edit: Don't yell at me , bro. I missed this in my earlier post.
it might have been ported to other older versions,
Code: Select all
harry@biker:~
$ grep . /sys/devices/system/cpu/vulnerabilities/*
grep: /sys/devices/system/cpu/vulnerabilities/*: No such file or directory
Sooooooooooo
Code: Select all
harry@biker:~
$ cd /tmp/
harry@biker:/tmp
$ wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
--2018-02-24 10:39:00-- https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.184.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.184.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65907 (64K) [text/plain]
Saving to: ‘spectre-meltdown-checker.sh’
spectre-meltdown-checker 100%[====================================>] 64.36K --.-KB/s in 0.1s
2018-02-24 10:39:01 (485 KB/s) - ‘spectre-meltdown-checker.sh’ saved [65907/65907]
harry@biker:/tmp
$ sudo sh spectre-meltdown-checker.sh
[sudo] password for harry:
Spectre and Meltdown mitigation detection tool v0.35
Checking for vulnerabilities on current system
Kernel is Linux 4.4.11-040411-generic #201605182255 SMP Thu May 19 03:10:00 UTC 2016 i686
CPU is Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 58 stepping 9 ucode 0x12)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel has array_index_mask_nospec: NO
* Kernel has the Red Hat/Ubuntu patch: NO
* Checking count of LFENCE instructions following a jump in kernel... NO (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS: VULNERABLE (Kernel source needs to be patched to mitigate the vulnerability)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
* Running as a Xen PV DomU: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)
A false sense of security is worse than no security at all, see --disclaimer
harry@biker:/tmp
$
So off to uninstall ubuntus i386 kernel
https://askubuntu.com/questions/992232/ ... rabilities
Because all this techy jargon is way over my head. I am baffled by bull pucky. So just exploring options. Done for today.