latest Meltdown and Spectre patched kernels available


  • This topic has 5 replies, 4 voices, and was last updated Feb 28-11:19 pm by rokytnji.
  • #6838
    Forum Admin
    anticapitalista

      These versions are now available for both 32-bit (486 and 686-pae) and 64-bit architectures,
      for all flavours.

      4.15.5 stretch, testing, sid
      4.9.83 jessie (antiX-16), stretch, testing, sid

      latest-meltdown-and-spectre-patched-kernels-available/

      • This topic was modified 5 years, 2 months ago by anticapitalista. Reason: latest 26.02.1028

      Philosophers have interpreted the world in many ways; the point is to change it.

      antiX with runit - leaner and meaner.

      #6973
      Forum Admin
      anticapitalista

        *bump* Latest versions added.

        These will be used on the upcoming antiX-17.1

        Philosophers have interpreted the world in many ways; the point is to change it.

        antiX with runit - leaner and meaner.

        #7009
        Member
        fatmac

          Thanks again, just got my other computers up to 4.15.4 today, so will upgrade again. 🙂

          Linux (& BSD) since 1999

          #7011
          Forum Admin
          rokytnji

            Well. Good and Bad news. I’m a beggar. So I ain’t choosy. I always like gift horses.

            harry@biker:~
            $ grep . /sys/devices/system/cpu/vulnerabilities/*
            /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
            /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
            /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
            harry@biker:~
            $ uname -r
            4.9.83-antix.1-686-smp-pae
            harry@biker:~
            $ cd /tmp/
            harry@biker:/tmp
            $  wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
            --2018-02-27 13:01:23--  https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
            Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.184.133
            Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.184.133|:443... connected.
            HTTP request sent, awaiting response... 200 OK
            Length: 66402 (65K) [text/plain]
            Saving to: ‘spectre-meltdown-checker.sh’
            
            spectre-meltdown-checker 100%[====================================>]  64.85K   362KB/s   in 0.2s   
            
            2018-02-27 13:01:24 (362 KB/s) - ‘spectre-meltdown-checker.sh’ saved [66402/66402]
            
            harry@biker:/tmp
            $ sudo sh spectre-meltdown-checker.sh
            [sudo] password for harry: 
            Spectre and Meltdown mitigation detection tool v0.35
            
            Checking for vulnerabilities on current system
            Kernel is Linux 4.9.83-antix.1-686-smp-pae #2 SMP Sat Feb 24 00:55:45 EET 2018 i686
            CPU is Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
            
            Hardware check
            * Hardware support (CPU microcode) for mitigation techniques
              * Indirect Branch Restricted Speculation (IBRS)
                * SPEC_CTRL MSR is available:  NO 
                * CPU indicates IBRS capability:  NO 
              * Indirect Branch Prediction Barrier (IBPB)
                * PRED_CMD MSR is available:  NO 
                * CPU indicates IBPB capability:  NO 
              * Single Thread Indirect Branch Predictors (STIBP)
                * SPEC_CTRL MSR is available:  NO 
                * CPU indicates STIBP capability:  NO 
              * Enhanced IBRS (IBRS_ALL)
                * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
                * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
              * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
              * CPU microcode is known to cause stability problems:  NO  (model 58 stepping 9 ucode 0x12)
            * CPU vulnerability to the three speculative execution attacks variants
              * Vulnerable to Variant 1:  YES 
              * Vulnerable to Variant 2:  YES 
              * Vulnerable to Variant 3:  YES 
            
            CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
            * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
            * Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 32 bits array_index_mask_nospec())
            * Kernel has the Red Hat/Ubuntu patch:  NO 
            > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
            
            CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
            * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
            * Mitigation 1
              * Kernel is compiled with IBRS/IBPB support:  NO 
              * Currently enabled features
                * IBRS enabled for Kernel space:  NO 
                * IBRS enabled for User space:  NO 
                * IBPB enabled:  NO 
            * Mitigation 2
              * Kernel compiled with retpoline option:  YES 
              * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
            > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
            
            CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
            * Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
            * Kernel supports Page Table Isolation (PTI):  NO 
            * PTI enabled and active:  NO 
            * Running as a Xen PV DomU:  NO 
            > STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
            
            A false sense of security is worse than no security at all, see --disclaimer
            harry@biker:/tmp
            $ 
            

            Thanks Anti.

            Sometimes I drive a crooked road to get my mind straight.
            Not all who Wander are Lost.
            I'm not outa place. I'm from outer space.

            Linux Registered User # 475019
            How to Search for AntiX solutions to your problems

            #7026
            Anonymous

              Howdy,

              Alright new hard drive and fresh install of antix 17 base (64 bit) and the new 4.15.5 kernel and here’s my output.

              thomas@Dell-Optiplex-360:/tmp
              $ sudo sh spectre-meltdown-checker.sh
              Spectre and Meltdown mitigation detection tool v0.35
              
              Checking for vulnerabilities on current system
              Kernel is Linux 4.15.5-antix.1-amd64-smp #2 SMP PREEMPT Fri Feb 23 12:27:47 EET 2018 x86_64
              CPU is Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz
              
              Hardware check
              * Hardware support (CPU microcode) for mitigation techniques
                * Indirect Branch Restricted Speculation (IBRS)
                  * SPEC_CTRL MSR is available:  NO 
                  * CPU indicates IBRS capability:  NO 
                * Indirect Branch Prediction Barrier (IBPB)
                  * PRED_CMD MSR is available:  NO 
                  * CPU indicates IBPB capability:  NO 
                * Single Thread Indirect Branch Predictors (STIBP)
                  * SPEC_CTRL MSR is available:  NO 
                  * CPU indicates STIBP capability:  NO 
                * Enhanced IBRS (IBRS_ALL)
                  * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
                  * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
                * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
                * CPU microcode is known to cause stability problems:  NO  (model 15 stepping 6 ucode 0xcb)
              * CPU vulnerability to the three speculative execution attacks variants
                * Vulnerable to Variant 1:  YES 
                * Vulnerable to Variant 2:  YES 
                * Vulnerable to Variant 3:  YES 
              
              CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
              * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
              * Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
              * Kernel has the Red Hat/Ubuntu patch:  NO 
              > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
              
              CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
              * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
              * Mitigation 1
                * Kernel is compiled with IBRS/IBPB support:  NO 
                * Currently enabled features
                  * IBRS enabled for Kernel space:  NO 
                  * IBRS enabled for User space:  NO 
                  * IBPB enabled:  NO 
              * Mitigation 2
                * Kernel compiled with retpoline option:  YES 
                * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
              > STATUS:  NOT VULNERABLE (Mitigation: Full generic retpoline)
              
              CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
              * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
              * Kernel supports Page Table Isolation (PTI):  YES 
              * PTI enabled and active:  YES 
              * Running as a Xen PV DomU:  NO 
              > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
              
              A false sense of security is worse than no security at all, see --disclaimer
              thomas@Dell-Optiplex-360:/tmp
              $ 

              Thanks for keeping us secure.

              #7094
              Forum Admin
              rokytnji

                Using cli-aptiX to install 4.15.5 tonight on my newly installed AntiX 64 bit Chromebook C710.

                harry@biker:~
                $ grep . /sys/devices/system/cpu/vulnerabilities/*
                /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
                /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
                /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
                harry@biker:~
                $ uname -r
                4.15.5-antix.1-amd64-smp
                

                Sometimes I drive a crooked road to get my mind straight.
                Not all who Wander are Lost.
                I'm not outa place. I'm from outer space.

                Linux Registered User # 475019
                How to Search for AntiX solutions to your problems
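
The sysfs listings posted in this thread (one reporting meltdown:Vulnerable on the 686-pae kernel, one reporting Mitigation: PTI on amd64) can be checked mechanically. The following is an added example, not code from the thread or from antiX: the function names `audit_cpu_vulns` and `write_sample` are hypothetical, and the sample files are constructed to mirror the two listings above.

```shell
#!/bin/sh
# Added example: classify what the kernel reports under
# /sys/devices/system/cpu/vulnerabilities (the files grepped in the posts above).

# audit_cpu_vulns [DIR]
# Prints STATUS<TAB>name<TAB>detail for each entry.
# Returns 0 if every entry is mitigated or not affected,
#         1 if any entry is vulnerable or unrecognised,
#         2 if DIR is missing (kernel does not expose the interface).
audit_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { printf 'UNKNOWN\t-\t%s not present\n' "$dir"; return 2; }
    worst=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        line=$(head -n 1 "$f")
        case $line in
            "Not affected"*) status=OK ;;
            "Mitigation:"*)  status=MITIGATED ;;
            "Vulnerable"*)   status=VULNERABLE; worst=1 ;;
            *)               status=UNKNOWN; worst=1 ;;  # flag for manual review
        esac
        printf '%s\t%s\t%s\n' "$status" "$name" "$line"
    done
    return $worst
}

# write_sample DIR MELTDOWN_VALUE
# Constructed fixture: the three entries shown in the thread, with the
# meltdown entry set to the given value.
write_sample() {
    mkdir -p "$1"
    printf '%s\n' "$2" > "$1/meltdown"
    printf '%s\n' "Mitigation: __user pointer sanitization" > "$1/spectre_v1"
    printf '%s\n' "Mitigation: Full generic retpoline" > "$1/spectre_v2"
}

# Demo on constructed copies of the two listings (32-bit PAE vs amd64).
tmp=$(mktemp -d)
write_sample "$tmp/pae32" "Vulnerable"
write_sample "$tmp/amd64" "Mitigation: PTI"
for host in pae32 amd64; do
    echo "== $host"
    audit_cpu_vulns "$tmp/$host" || echo "-> unmitigated entry on $host"
done
rm -rf "$tmp"
```

Called with no argument, `audit_cpu_vulns` reads the live sysfs directory, so its exit status can gate a post-upgrade check after installing a new kernel.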
