Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

MX 17 Repository: The Spectre-Meltdown-Checker Thread

Post Reply
Message
Author
User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 15791
Joined: Fri Dec 15, 2006 8:07 pm

MX 17 Repository: The Spectre-Meltdown-Checker Thread

#1 Post by Stevo » Thu Mar 01, 2018 2:28 pm

Debian has packaged this script for checking your vunerabilities, so we now have it in the main repo.

Simple install and run instructions:

Code: Select all

sudo apt-get install spectre-meltdown-checker
sudo spectre-meltdown-checker

User avatar
Gerson
Forum Regular
Forum Regular
Posts: 191
Joined: Sun Nov 12, 2017 10:58 am

Re: MX 17 Repository: The Spectre-Meltdown-Checker Thread

#2 Post by Gerson » Thu Mar 01, 2018 2:45 pm

I already did it and this is the answer of the terminal.
I do not understand anything. :bawling:

Code: Select all

$ sudo spectre-meltdown-checker
Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.15.3-antix.1-amd64-smp #2 SMP PREEMPT Tue Feb 13 16:49:07 EET 2018 x86_64
CPU is Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 78 stepping 3 ucode 0xba)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  YES 
  * Kernel compiled with a retpoline-aware compiler:  NO  (kernel reports minimal retpoline compilation)
  * Retpoline enabled:  NO 
> STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
No todos ignoramos las mismas cosas. :confused:

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 15791
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Spectre-Meltdown-Checker Thread

#3 Post by Stevo » Thu Mar 01, 2018 2:57 pm

It means you should update to a newer antiX 4.15.5, MX 4.15.4, or Liquorix 4.15 kernel if you need Spectre v_2 hardening. The first hardware part means we are all still waiting for Intel to release firmware to fix the problems without screwing up the stability of our machines.

User avatar
Gerson
Forum Regular
Forum Regular
Posts: 191
Joined: Sun Nov 12, 2017 10:58 am

Re: MX 17 Repository: The Spectre-Meltdown-Checker Thread

#4 Post by Gerson » Thu Mar 01, 2018 11:40 pm

¿With which do you recommend starting the machine?
$ sudo dpkg --get-selections | grep linux-image
[sudo] password for gerson:
linux-image-4.14.0-3-amd64 install
linux-image-4.15.0-5.1-liquorix-amd64 install
linux-image-4.15.3-antix.1-amd64-smp install
No todos ignoramos las mismas cosas. :confused:

Post Reply

Return to “Package Requests/Status - MX 17”