Meltdown -Spectre test results
Hi all,
When will this be fixed with Zenwalk? I like this os Thanks bash-4.4$ su Password: bash-4.4# ./spectre-meltdown-checker.sh Spectre and Meltdown mitigation detection tool v0.35 Checking for vulnerabilities on current system Kernel is Linux 4.9.67 #2 SMP Tue Dec 5 16:29:07 CST 2017 x86_64 CPU is Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz Hardware check * Hardware support (CPU microcode) for mitigation techniques * Indirect Branch Restricted Speculation (IBRS) * SPEC_CTRL MSR is available: NO * CPU indicates IBRS capability: NO * Indirect Branch Prediction Barrier (IBPB) * PRED_CMD MSR is available: NO * CPU indicates IBPB capability: NO * Single Thread Indirect Branch Predictors (STIBP) * SPEC_CTRL MSR is available: NO * CPU indicates STIBP capability: NO * Enhanced IBRS (IBRS_ALL) * CPU indicates ARCH_CAPABILITIES MSR availability: NO * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO * CPU microcode is known to cause stability problems: NO (model 58 stepping 9 ucode 0x15) * CPU vulnerability to the three speculative execution attacks variants * Vulnerable to Variant 1: YES * Vulnerable to Variant 2: YES * Vulnerable to Variant 3: YES CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Kernel has array_index_mask_nospec: NO * Kernel has the Red Hat/Ubuntu patch: NO * Checking count of LFENCE instructions following a jump in kernel... NO (only 18 jump-then-lfence instructions found, should be >= 30 (heuristic)) > STATUS: VULNERABLE (Kernel source needs to be patched to mitigate the vulnerability) CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigation 1 * Kernel is compiled with IBRS/IBPB support: NO * Currently enabled features * IBRS enabled for Kernel space: NO * IBRS enabled for User space: NO * IBPB enabled: NO * Mitigation 2 * Kernel compiled with retpoline option: NO * Kernel compiled with a retpoline-aware compiler: NO > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability) CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' * Kernel supports Page Table Isolation (PTI): NO * PTI enabled and active: NO * Running as a Xen PV DomU: NO > STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability) A false sense of security is worse than no security at all, see --disclaimer bash-4.4# |
This is a problem with the CPU.
Bios Update or microcode update. |
Thanks
|
All times are GMT -5. The time now is 08:41 PM. |