Gentoo Forums
spectre-meltdown-checker vulnerable to CVE-2017-5715
tetumetal
n00b
Joined: 09 Jun 2022
Posts: 14

Posted: Sat Jul 30, 2022 10:00 pm    Post subject: spectre-meltdown-checker vulnerable to CVE-2017-5715

Hi all,

I ran spectre-meltdown-checker on my Gentoo system, and I got the following output:

Code:

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES
    * IBRS enabled and active:  YES  (for firmware code only)
  * Kernel is compiled with IBPB support:  YES
    * IBPB enabled and active:  YES
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES

    STATUS:  VULNERABLE  (retpoline+IBPB is needed to mitigate the vulnerability)


So, apparently my system is vulnerable to CVE-2017-5715. Is there anything I can do to fix this issue?

P.S.: I'm running the latest Linux kernel (5.15.52-gentoo) and I have installed the microcode.

Thanks for your help!
user
Apprentice
Joined: 08 Feb 2004
Posts: 202

Posted: Sat Jul 30, 2022 10:53 pm    Post subject:

Hi tetumetal,
update to spectre-meltdown-checker v0.45.

Code:
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support: YES
    * IBRS enabled and active: YES (for firmware code only)
  * Kernel is compiled with IBPB support: YES
    * IBPB enabled and active: YES
* Mitigation 2
  * Kernel has branch predictor hardening (arm): NO
  * Kernel compiled with retpoline option: YES
    * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
tetumetal
n00b
Joined: 09 Jun 2022
Posts: 14

Posted: Sun Jul 31, 2022 12:18 pm    Post subject:

Hi user,

I updated to v0.45 and it worked like a charm. According to spectre-meltdown-checker v0.45, my Gentoo system is not hit by a known Spectre variant.

Thanks a lot!
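
Both checker runs in this thread quote the kernel's own status line ("Mitigated according to the /sys interface"), which can be read and interpreted without the checker. The following is an added example, not part of the thread and not spectre-meltdown-checker code: the sysfs path is the standard Linux one, while the function names, verdict labels and classification rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: interpret the kernel's spectre_v2 status line by hand.
# The verdict rules are a simplified assumption made for illustration,
# not spectre-meltdown-checker's own logic.
SYSFS_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# spectre_v2_fields LINE: print one mitigation component per line.
spectre_v2_fields() {
    printf '%s\n' "$1" | sed 's/^Mitigation: *//' | tr ',' '\n' |
        sed -e 's/^ *//' -e 's/ *$//'
}

# spectre_v2_verdict [LINE]: classify LINE (default: the running kernel's).
# Prints not-affected | vulnerable | retpoline+ibpb | other-mitigation | unknown
# Exit status: 0 = not affected or mitigated, 1 = vulnerable, 2 = unknown.
spectre_v2_verdict() {
    line=${1-$(cat "$SYSFS_V2" 2>/dev/null || true)}
    case $line in
        "Not affected"*) echo not-affected; return 0 ;;
        Vulnerable*)     echo vulnerable; return 1 ;;
        Mitigation:*)    ;;
        *)               echo unknown; return 2 ;;
    esac
    retpoline=no
    ibpb=no
    # The here-document keeps the loop in the current shell, so the
    # variables set inside it are still visible afterwards.
    while IFS= read -r field; do
        case $field in
            *[Rr]etpoline*)   retpoline=yes ;;
            "IBPB: disabled") ;;
            IBPB:*)           ibpb=yes ;;
        esac
    done <<EOF
$(spectre_v2_fields "$line")
EOF
    if [ "$retpoline" = yes ] && [ "$ibpb" = yes ]; then
        echo retpoline+ibpb
    else
        echo other-mitigation
    fi
    return 0
}
```

Calling `spectre_v2_verdict` with no argument reads the running kernel's value; passing the status line quoted in either post above yields `retpoline+ibpb`.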
All times are GMT