spectre-meltdown-checker script reports that my system is vulnerable to CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Is this normal?
In the past all checks from spectre-meltdown-checker were green (my
system was not vulnerable).
STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is needed to mitigate the vulnerability)
On 12/03/2022 09:48, Georgi Naplatanov wrote:
> spectre-meltdown-checker script reports that my system is vulnerable to
> CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
> Is this normal?
> In the past all checks from spectre-meltdown-checker were green (my
> system was not vulnerable).
Is your vulnerability shown as follows?
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation:
Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel supports RSB filling: YES
STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is needed to mitigate the vulnerability)
On 3/23/22 15:58, piorunz wrote:
> Is your vulnerability shown as follows?
> CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
> * Mitigated according to the /sys interface: YES (Mitigation:
> Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
> * Mitigation 1
> * Kernel is compiled with IBRS support: YES
> * IBRS enabled and active: YES (for firmware code only)
> * Kernel is compiled with IBPB support: YES
> * IBPB enabled and active: YES
> * Mitigation 2
> * Kernel has branch predictor hardening (arm): NO
> * Kernel compiled with retpoline option: YES
> * Kernel supports RSB filling: YES
> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is needed to mitigate the vulnerability)
Yes, it seems the same but to avoid possible confusion/mistake I'm
pasting the output below:
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation:
Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel supports RSB filling: YES
STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is needed to mitigate the vulnerability)
Hi,
On Wed, Mar 23, 2022 at 11:47 AM Georgi Naplatanov <gosho@oles.biz> wrote:
> Yes, it seems the same but to avoid possible confusion/mistake I'm
> pasting the output below:
> CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
> * Mitigated according to the /sys interface: YES (Mitigation:
> Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
> * Mitigation 1
> * Kernel is compiled with IBRS support: YES
> * IBRS enabled and active: YES (for firmware code only)
> * Kernel is compiled with IBPB support: YES
> * IBPB enabled and active: YES
> * Mitigation 2
> * Kernel has branch predictor hardening (arm): NO
> * Kernel compiled with retpoline option: YES
> * Kernel supports RSB filling: YES
> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is needed to mitigate the vulnerability)
Please, take into consideration what is in the link and you can consult through
it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715
On 23/03/2022 15:41, Leandro Cunha wrote:
> Please, take into consideration what is in the link and you can consult through
> it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715
Leandro,
I've been on this website before I posted with spectre-meltdown-checker results. I have vulnerable status just like author of this topic. I am
on intel-microcode 3.20210608.2, and by the look of it, this bug
supposed to be fixed in:
"intel-microcode: Some microcode updates to partially adress
CVE-2017-5715 included in 3.20171215.1
Further updates in 3.20180312.1"
So my version of microcode is 3-4 years newer than that.
Is it microcode problem, or spectre-meltdown-checker displaying wrong information, or something else entirely?
On 3/23/22 18:35, piorunz wrote:
> Leandro,
> I've been on this website before I posted with spectre-meltdown-checker results. I have vulnerable status just like author of this topic. I am
> on intel-microcode 3.20210608.2, and by the look of it, this bug
> supposed to be fixed in:
> "intel-microcode: Some microcode updates to partially adress
> CVE-2017-5715 included in 3.20171215.1
> Further updates in 3.20180312.1"
> So my version of microcode is 3-4 years newer than that.
> Is it microcode problem, or spectre-meltdown-checker displaying wrong information, or something else entirely?
I want to mention that on the same computer with kernel Debian 5.10.92-2
spectre-meltdown-checker
reports that the system is not vulnerable to CVE-2017-5715
Kind regards
Georgi
On 3/23/22 22:43, Leandro Cunha wrote:
> Hi,
> This script is reporting an already patched CVE as vulnerable.
Are you sure this behavior on 5.10.103-1 is not some kind of regression?
What is the evidence that vulnerability is still fixed?
Hi,
On Wed, Mar 23, 2022 at 2:33 PM Georgi Naplatanov <gosho@oles.biz> wrote:
> I want to mention that on the same computer with kernel Debian 5.10.92-2
> spectre-meltdown-checker
> reports that the system is not vulnerable to CVE-2017-5715
> Kind regards
> Georgi
This script is reporting an already patched CVE as vulnerable.
Hi,
On Wed, Mar 23, 2022 at 11:17:41PM +0200, Georgi Naplatanov wrote:
> Are you sure this behavior on 5.10.103-1 is not some kind of regression?
> What is the evidence that vulnerability is still fixed?
See: https://github.com/speed47/spectre-meltdown-checker/issues/420
(Background of this is
https://www.vusec.net/projects/bhi-spectre-bhb/).
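
The checker output quoted in this thread shows the kernel's /sys interface reporting CVE-2017-5715 as mitigated while the script's own STATUS line says VULNERABLE. As an added example (not part of the thread and not code from spectre-meltdown-checker), this shell snippet reads the kernel's report directly and lists the mitigation components it names; the function names are made up for illustration, and the sample string is the one quoted in the output above.

```shell
#!/bin/sh
# Added example: classify the kernel's own spectre_v2 report and list the
# mitigation components it names, independently of spectre-meltdown-checker.

SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Map a sysfs vulnerability line to a verdict. The kernel uses three forms:
# "Not affected", "Vulnerable[...]" and "Mitigation: <details>".
sysfs_verdict() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Split the detail part of a "Mitigation:" line into one component per line.
sysfs_components() {
    printf '%s\n' "${1#Mitigation: }" | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed if the line names a component matching the pattern (case-insensitive).
has_component() {
    sysfs_components "$1" | grep -qi -- "$2"
}

# Verdict plus the pieces the checker's STATUS line asks for
# (retpoline + IBPB + RSB filling).
summarise() {
    line=$1
    v=$(sysfs_verdict "$line")
    r=no; i=no; f=no
    has_component "$line" 'retpoline' && r=yes
    has_component "$line" '^IBPB' && i=yes
    has_component "$line" '^RSB filling' && f=yes
    echo "verdict=$v retpoline=$r ibpb=$i rsb_filling=$f"
}

# Sample input: the mitigation string quoted in the thread's checker output.
SAMPLE='Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling'

# Use the live kernel report when available, otherwise the sample string.
if [ -r "$SYSFS_FILE" ]; then
    summarise "$(cat "$SYSFS_FILE")"
else
    summarise "$SAMPLE"
fi
```
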
Hi,
On Wed, Mar 23, 2022 at 6:18 PM Georgi Naplatanov <gosho@oles.biz> wrote:
> Are you sure this behavior on 5.10.103-1 is not some kind of regression?
> What is the evidence that vulnerability is still fixed?
> Kind regards
> Georgi
When replying to your email I was aware of the script issue that was reporting
several already resolved CVEs as unresolved. As Salvatore sent the issue link.
But it seems to me that this problem was solved 7 days ago, it would be interesting if there was an update or a backport to stable.
Hi,
On Fri, Mar 25, 2022 at 4:19 AM Georgi Naplatanov <gosho@oles.biz> wrote:
> Hi Leandro,
> I also think that an update would be nice.
> Kind regards
> Georgi
I applied a patch from upstream and repackaged it from unstable.
And this CVE is displayed as resolved.
On 3/25/22 03:24, Leandro Cunha wrote:
> Hi,
> When replying to your email I was aware of the script issue that was reporting
> several already resolved CVEs as unresolved. As Salvatore sent the issue link.
> But it seems to me that this problem was solved 7 days ago, it would be interesting if there was an update or a backport to stable.
Hi Leandro,
I also think that an update would be nice.
Kind regards
Georgi
On 3/25/22 19:19, Leandro Cunha wrote:
> Hi,
> I applied a patch from upstream and repackaged it from unstable.
> And this CVE is displayed as resolved.
Thank you, Leandro!
I guess that the patch will appear in Debian stable (11.4), right?
Kind regards
Georgi