LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-28-2018, 06:14 AM   #1
gillsman
Member
 
Registered: Mar 2014
Location: UK
Distribution: Mint 18.3
Posts: 192

Rep: Reputation: 35
Spectre & Meltdown


I followed a tutorial to to check to see if my Linux Mint 18.3 laptop was successfully patched against Spectre & Meltdown, This is my results ~


rick@rick-LIFEBOOK-AH530-HD6 ~ $ cd /tmp/
rick@rick-LIFEBOOK-AH530-HD6 /tmp $ wget https://raw.githubusercontent.com/sp...own-checker.sh
--2018-01-28 12:05:16-- https://raw.githubusercontent.com/sp...own-checker.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.16.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.16.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 57304 (56K) [text/plain]
Saving to: ‘spectre-meltdown-checker.sh’

spectre-meltdown-ch 100%[===================>] 55.96K --.-KB/s in 0.05s

2018-01-28 12:05:17 (1.19 MB/s) - ‘spectre-meltdown-checker.sh’ saved [57304/57304]

rick@rick-LIFEBOOK-AH530-HD6 /tmp $ sudo sh spectre-meltdown-checker.sh
[sudo] password for rick:
Spectre and Meltdown mitigation detection tool v0.33

Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-31-generic #34~16.04.1-Ubuntu SMP Fri Jan 19 17:11:01 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: YES
> STATUS: NOT VULNERABLE (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO (echo 1 > /proc/sys/kernel/ibrs_enabled)
* IBRS enabled for User space: NO (echo 2 > /proc/sys/kernel/ibrs_enabled)
* IBPB enabled: NO (echo 1 > /proc/sys/kernel/ibpb_enabled)
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
* Retpoline enabled: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
rick@rick-LIFEBOOK-AH530-HD6 /tmp $ [/B]


Note: One section suggests I am vulnerable but I have no idea what I should do.
Any suggestions please.
Thank you.
 
Old 01-28-2018, 07:46 AM   #2
thirdbird
LQ Newbie
 
Registered: Feb 2017
Distribution: Debian
Posts: 20

Rep: Reputation: Disabled
In all honesty, why do anything at all. Media has blown this way out of proportion. Unless your browser is vulnerable there has to be malware on your computer to abuse it, and there are MUCH more interesting things to do once they have root access other than some side channel snooping that may or may not give anything interesting of value at all. These vulnerabilities are extremities, and they were discovered by accident on a very low level virtualization level.

Only data centers with tons of virtual machines on the same server hardware have reasonable concerns as guest can attempt to snoop on eachother.

On private computers there's really nothing to be concerned about.
 
Old 01-28-2018, 08:12 AM   #3
gillsman
Member
 
Registered: Mar 2014
Location: UK
Distribution: Mint 18.3
Posts: 192

Original Poster
Rep: Reputation: 35
Well as with most things there's much misinformation out there, the trouble for those of us who are not expert is what to believe & what not to.
I'm sure that you can understand why newbies panic a little at stories like this, but it's good to get opinions from others so that I can form a considered opinion of my own.

thanks for your input.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Important - Mint security advice for Meltdown & Spectre hydrurga Linux Mint 1 02-17-2018 03:22 PM
Meltdown and Spectre ots3go Solaris / OpenSolaris 1 01-10-2018 04:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration