sabayonino
|
Staying in GNU-Linux territory (the long form, otherwise panzarotto takes offense), our friends at Phoronix have tested the "nopti" parameter (on x86 architecture), which is passed to the kernel to disable the recently introduced patch that plugs the Meltdown & Spectre hole.
The parameter is available from kernel 4.15, currently in development.
Obviously, be aware of what you are doing (or are about to do).
|
sabayonino
|
Now it is the Redmond company's turn.
On the Microsoft CloudBlog, Terry Myerson, the company's Executive Vice President, analyzes the impact these two bugs have had on their systems.
|
astroale
|
I'd say they are also making quite a mess
Meltdown, Spectre and the post-update chaos
While manufacturers rush to take cover by releasing patches and updates, users have to deal with a good many problems in adapting to the new course. This is the post-Meltdown and Spectre situation, and it is pure chaos
|
zioriga
|
I did the update on Win 10 and it is working correctly, and I haven't found any noticeable slowdowns
|
sabayonino
|
On GitHub there is a patch check script [GNU-Linux]:
$ wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh && chmod +x spectre-meltdown-checker.sh && sh spectre-meltdown-checker.sh
For fairness I am also posting the Disclaimer
Disclaimer
This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the collectively named "speculative execution" vulnerabilities. It doesn't attempt to run any kind of exploit, and can't guarantee that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place. However, some mitigations could also exist in your kernel that this script doesn't know (yet) how to detect, or it might falsely detect mitigations that in the end don't work as expected (for example, on backported or modified kernels).
Your system exposure also depends on your CPU. As of now, AMD and ARM processors are marked as immune to some or all of these vulnerabilities (except some specific ARM models). All Intel processors manufactured since circa 1995 are thought to be vulnerable. Whatever processor one uses, one might seek more information from the manufacturer of that processor and/or of the device in which it runs.
The nature of the discovered vulnerabilities being quite new, the landscape of vulnerable processors can be expected to change over time, which is why this script makes the assumption that all CPUs are vulnerable, except if the manufacturer explicitly stated otherwise in a verifiable public announcement.
This tool has been released in the hope that it'll be useful, but don't use it to jump to conclusions about your security.
|
sorcrosc
|
I've got a VULNERABLE on the first one, what a pain
|
sabayonino
|
I'm picking this topic up again; I fear it will drag on for a good part of 2018.
RedHat has also run some tests on the impact of the applied patches.
Apparently we crunchers can rest fairly easy (in terms of performance)
- High impact: memory cache, I/O buffers and OLTP database load are affected by 8-19%;
- Medium impact: database analytics and Java virtual machines see a drop of 3-7%;
- Low impact: HPC (High Performance Computing) and CPU-heavy workloads are affected by 2-5%; many of the jobs run in user space;
- Minimal impact: technologies that bypass the kernel in favor of direct user-space access see an impact of less than 2%.
More tests and more patches will surely follow in the near future to recover (hopefully) the lost performance...
Via MMUL
|
sabayonino
|
And Oracle too (they took their time a bit...) is fixing the vulnerabilities in question with a series of updates that include other fixes for various bugs scattered here and there.
There are still many servers or "Mission Critical" machines with SPARC architecture around the world, many of which were previously distributed by the now defunct Sun Microsystems (acquired by Oracle).
Happy updating to them too
|
astroale
|
Meltdown and Spectre: a hail of patches
The tech industry continues to tackle the emergency of the new "super-bugs" by announcing a large number of patches left and right. AMD, which previously said it was immune, will update too, while Intel is experiencing excessive reboots
|
ReLeon
|
"Fourth (Haswell) and fifth (Broadwell) generation Core CPUs forced, despite themselves, to experience reboots and instability after installing the patches"
We are, or rather I am, in fine shape, since I have both..
Who knows whether they will have them recalled to replace them with others.. hold on, let me register my CPU..
|
Buro87
|
maybe they have found the reason for the reboots
www.tomshw.it/intel-...eltdown-linus-torvalds-all-attacco-90984
|
astroale
|
Meltdown, Spectre and the problem with patches
IT companies are still grappling with the processor super-bugs and the patches designed to close or mitigate the flaws. In many cases, in fact, those patches are a problem for the stability of the systems involved
|
oscarandrea
|
I'd like to point out this very useful script (updated for all the variants that came out later) that lets you check whether you are vulnerable or not; it works on Linux/*BSD
here is the example from my PC:
Password:
Spectre and Meltdown mitigation detection tool v0.37-59-gb2f64e1
Checking for vulnerabilities on current system
Kernel is Linux 4.18.2-gentoo #1 SMP Sat Aug 18 12:10:53 CEST 2018 x86_64
CPU is Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
We're missing some kernel info (see -v), accuracy might be reduced
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: YES
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU microcode is known to cause stability problems: NO (model 0x3a family 0x6 stepping 0x9 ucode 0x20 cpuid 0x306a9)
* CPU microcode is the latest known available version: YES (you have version 0x20 and latest known version is 0x20)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
* Vulnerable to Variant 3a: YES
* Vulnerable to Variant 4: YES
* Vulnerable to Variant l1tf: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for kernel and firmware code)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: UNKNOWN (couldn't read your kernel configuration)
> STATUS: NOT VULNERABLE (IBRS + IBPB are mitigating the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615/3620/3646 [L1 terminal fault] aka 'Foreshadow & Foreshadow-NG'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
CPU: Intel Pentium 2020m 2.40Ghz, RAM: 4GB DDR3 1333mhz OS: GENTOO (HARDENED)
|
sabayonino
|
Here is the link
github.com/speed47/spectre-meltdown-checker
$ git clone https://github.com/speed47/spectre-meltdown-checker.git
$ cd spectre-meltdown-checker
# ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.39-10-gb2f64e1
Checking for vulnerabilities on current system
Kernel is Linux 4.14.63-gentoo-r1 #1 SMP Fri Aug 17 22:12:21 CEST 2018 x86_64
CPU is Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
We're missing some kernel info (see -v), accuracy might be reduced
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: arcmsr 32768 0 - Live 0xffffffffa010b000
UNKNOWN (is msr kernel module available?)
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: UNKNOWN (is msr kernel module available?)
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: UNKNOWN (is msr kernel module available?)
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: UNKNOWN (is msr kernel module available?)
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU microcode is known to cause stability problems: NO (model 0x3c family 0x6 stepping 0x3 ucode 0x25 cpuid 0x306c3)
* CPU microcode is the latest known available version: YES (you have version 0x25 and latest known version is 0x25)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
* Vulnerable to Variant 3a: YES
* Vulnerable to Variant 4: YES
* Vulnerable to Variant l1tf: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for kernel and firmware code)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615/3620/3646 [L1 terminal fault] aka 'Foreshadow & Foreshadow-NG'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
|
oscarandrea
|
oh yes, I had forgotten the link ahaha
CPU: Intel Pentium 2020m 2.40Ghz, RAM: 4GB DDR3 1333mhz OS: GENTOO (HARDENED)
|
sabayonino
|
@oscarandrea
In the portage tree: app-admin/spectre-meltdown-checker
Available versions: ~0.39 **9999
Homepage: https://github.com/speed47/spectre-meltdown-checker
Description: Spectre & Meltdown vulnerability/mitigation checker for Linux
|
xdarma
|
A cruder way, but one that needs no external software, is:
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal AMD ASM retpoline, IBPB
$ uname -rp
4.15.13-gentoo.s1 AMD Ryzen 7 1700 Eight-Core Processor
Foreshadow and L1TF are variants of Meltdown, so AMD processors are immune to them.
|
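As an added example (not part of xdarma's post and not code from the spectre-meltdown-checker project), the sysfs check above can be scripted so that a caveat inside a "Mitigation:" line, such as the "SMT vulnerable" in the l1tf status from the checker run earlier in the thread, is not read as a clean pass. The class names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify the kernel's status strings
# under /sys/devices/system/cpu/vulnerabilities. Class names are made up here.

# classify_status "<status>" -> NOT_AFFECTED | MITIGATED | PARTIAL | VULNERABLE | UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        Vulnerable*)     echo VULNERABLE ;;
        Mitigation:*)
            # A mitigation line may still end in a caveat ("SMT vulnerable"):
            # report it as PARTIAL rather than as a clean pass.
            case "$1" in
                *[Vv]ulnerable*) echo PARTIAL ;;
                *)               echo MITIGATED ;;
            esac ;;
        *)               echo UNKNOWN ;;
    esac
}

# vuln_report [dir] -> one "name<TAB>class<TAB>status" line per file in dir
vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f" 2>/dev/null) || status=
        printf '%s\t%s\t%s\n' "${f##*/}" "$(classify_status "$status")" "$status"
    done
}

# vuln_count <class> [dir] -> how many entries fall in that class
vuln_count() {
    vuln_report "$2" | awk -F'\t' -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

# make_sample_dir -> temp dir with constructed sample data: the three status
# strings from the grep output above plus the l1tf string from the checker run.
make_sample_dir() {
    d=$(mktemp -d)
    echo 'Not affected' > "$d/meltdown"
    echo 'Mitigation: __user pointer sanitization' > "$d/spectre_v1"
    echo 'Vulnerable: Minimal AMD ASM retpoline, IBPB' > "$d/spectre_v2"
    echo 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable' > "$d/l1tf"
    echo "$d"
}

# Demo on the sample; run "vuln_report" with no argument to read the real host.
sample=$(make_sample_dir)
vuln_report "$sample"
rm -rf "$sample"
```

On a fleet, `vuln_count VULNERABLE` and `vuln_count PARTIAL` give two numbers that can be alerted on separately, since a PARTIAL entry usually calls for a configuration decision (for example about SMT) rather than a missing patch.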