tetumetal n00b
Joined: 09 Jun 2022 Posts: 14
Posted: Sat Jul 30, 2022 10:00 pm Post subject: spectre-meltdown-checker vulnerable to CVE-2017-5715
hi All,
I ran spectre-meltdown-checker on my Gentoo system, and I got the following output:
Code:
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
STATUS: VULNERABLE (retpoline+IBPB is needed to mitigate the vulnerability)
So, apparently my system is vulnerable to CVE-2017-5715. Is there anything I can do to fix this issue?
P.S.: I'm running the latest Linux kernel (5.15.52-gentoo) and I have installed the microcode.
Thanks for your help!
user Apprentice
Joined: 08 Feb 2004 Posts: 202
Posted: Sat Jul 30, 2022 10:53 pm Post subject:
Hi tetumetal
update to spectre-meltdown-checker v0.45
Code:
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
tetumetal n00b
Joined: 09 Jun 2022 Posts: 14
Posted: Sun Jul 31, 2022 12:18 pm Post subject:
hi user,
I updated to v0.45 and it worked like a charm. According to spectre-meltdown-checker v0.45 my Gentoo system is not hit by a known Spectre variant.
Thanks a lot!
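Added example, not part of the thread and not spectre-meltdown-checker code: both checker versions quote the kernel's own /sys report, which can be read directly from /sys/devices/system/cpu/vulnerabilities/spectre_v2 and checked for the retpoline + IBPB pair that the STATUS lines refer to. The function name and verdict words are made up for this sketch, and the sample string is the /sys line from the first post.

```shell
#!/bin/sh
# Added example: classify the kernel's own spectre_v2 report.
SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 LINE: print one verdict word for LINE, the content of
# $SYSFS_FILE. The kernel documents three forms for this file:
# "Not affected", "Vulnerable" and "Mitigation: <details>".
classify_spectre_v2() {
    line=$1
    case $line in
        "Not affected"*) echo "not-affected"; return 0 ;;
        Vulnerable*)     echo "vulnerable";   return 0 ;;
        "Mitigation: "*) ;;
        *)               echo "unknown";      return 0 ;;
    esac
    retpoline=no
    ibpb=no
    old_ifs=$IFS
    # Fields are comma-separated in the thread's output; ';' is accepted too
    # (assumption, for kernels that format the line differently).
    IFS=',;'
    set -f                      # no filename expansion while splitting
    for field in ${line#Mitigation: }; do
        field=${field# }        # drop the space that follows the separator
        case $field in
            *[Rr]etpoline*)   retpoline=yes ;;
            "IBPB: disabled") ibpb=no ;;   # IBPB known to the kernel but off
            "IBPB: "*)        ibpb=yes ;;  # e.g. "IBPB: conditional"
        esac
    done
    set +f
    IFS=$old_ifs
    # The checker's STATUS line asks for both retpoline and IBPB.
    if [ "$retpoline" = yes ] && [ "$ibpb" = yes ]; then
        echo "retpoline+ibpb"
    else
        echo "partial"
    fi
}

# Constructed sample: the /sys line quoted in the thread's first post.
SAMPLE='Mitigation: Retpolines, IBPB: conditional, IBRS_FW, RSB filling'
echo "sample: $(classify_spectre_v2 "$SAMPLE")"

# Live value, when run on a Linux host that exposes the file.
if [ -r "$SYSFS_FILE" ]; then
    echo "live:   $(classify_spectre_v2 "$(cat "$SYSFS_FILE")")"
fi
```

A "partial" or "vulnerable" verdict here, unlike a disagreement between two checker versions, reflects what the running kernel itself reports.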