It is currently 29 Mar 2024, 00:02




 Page 1 of 1 [ 9 posts ] 
Author Message
 Post subject: SPECTRE and MELTDOWN CPU flaws (fully patched now!)
PostPosted: 09 Jan 2018, 06:33 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Just a quick notice that LDDb server has been rebooted with a fresh Linux Kernel including the mitigation patches again recently published Intel CPU flaws:

http://www.lddb.com/history.php?version=3.1


We're running 4.14.12 now with all patches for Intel turned on.

Hopefully the performance decrease linked with the extra security will not slow everything down too much.

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 11 Jan 2018, 03:41 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Will keep patching as the fixes become available.

Current status:

Quote:
Spectre and Meltdown mitigation detection tool v0.24

Checking for vulnerabilities against live running kernel Linux 4.14.12 #1 SMP Sun Jan 7 15:41:58 CET 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO (only 43 opcodes found, should be >= 70)
> STATUS: VULNERABLE (heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)


CPU microcode will be updated at the next required reboot, probably for Linux 4.15 imminent release.

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 13 Jan 2018, 07:30 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Script updated (v0.24 to v0.28)

Quote:
Spectre and Meltdown mitigation detection tool v0.28

Checking for vulnerabilities against running kernel Linux 4.14.12 #1 SMP Sun Jan 7 15:41:58 CET 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 22 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 14 Jan 2018, 10:06 
Absolute fan
Absolute fan
User avatar

Joined: 02 May 2006, 13:59
Posts: 1652
Location: United Kingdom
Has thanked: 86 times
Been thanked: 69 times
Good day Julien,

I have been ready about the Intel Chip flaws with some concern.

Thank you for your professional reassurances as always Friend,

Apart from the above how is life and are you doing well personally and with your businesses.

Sincerest Regards

Mark
_________________
Το ταξίδι για την αλήθεια κάθε σκάφος δεμένα, κατόπιν δεν είναι να ληφθούν, ή μάλλον βάδισαν
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 15 Jan 2018, 13:06 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Script updated (v0.28 to v0.31)

Quote:
Spectre and Meltdown mitigation detection tool v0.31

Checking for vulnerabilities against running kernel Linux 4.14.12 #1 SMP Sun Jan 7 15:41:58 CET 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 22 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation
* The SPEC_CTRL MSR is available: NO
* The SPEC_CTRL CPUID feature bit is set: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Checking if we're running under Xen PV (64 bits): NO
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 29 Jan 2018, 10:26 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
admin wrote:
CPU microcode will be updated at the next required reboot, probably for Linux 4.15 imminent release.


Linux Kernel 4.15 was released today: http://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/

Will schedule a server reboot as soon as practical.

Script updated (v0.31 to v0.33)

Quote:
Spectre and Meltdown mitigation detection tool v0.33

Checking for vulnerabilities on current system
Kernel is Linux 4.14.12 #1 SMP Sun Jan 7 15:41:58 CET 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 22 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
* Retpoline enabled: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Checking if we're running under Xen PV (64 bits): NO
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)


Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 30 Jan 2018, 07:52 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Just rebooted with Kernel 4.15.

Baby steps...

Quote:
Spectre and Meltdown mitigation detection tool v0.33+

Checking for vulnerabilities on current system
Kernel is Linux 4.15.0 #1 SMP Mon Jan 29 05:15:04 CET 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: NO (kernel reports minimal retpoline compilation)
* Retpoline enabled: YES
> STATUS: VULNERABLE (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)


Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 14 Aug 2018, 09:32 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Just rebooted with Kernel 4.18.

Quote:
Spectre and Meltdown mitigation detection tool v0.39

Checking for vulnerabilities on current system
Kernel is Linux 4.18.0 #1 SMP Mon Aug 13 10:08:29 CEST 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU microcode is known to cause stability problems: NO (model 0x3c family 0x6 stepping 0x3 ucode 0x24 cpuid 0x306c3)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
* Vulnerable to Variant 3a: YES
* Vulnerable to Variant 4: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for kernel and firmware code)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: NO (Vulnerable)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)



Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: SPECTRE and MELTDOWN CPU flaws
PostPosted: 24 Dec 2018, 17:00 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Just rebooted with Kernel 4.20 Xmas release!

Quote:
Spectre and Meltdown mitigation detection tool v0.40

Checking for vulnerabilities on current system
Kernel is Linux 4.20.0 #1 SMP Mon Dec 24 15:10:08 CET 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: YES
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x3c family 0x6 stepping 0x3 ucode 0x25 cpuid 0x306c3)
* CPU microcode is the latest known available version: YES (latest version is 0x25 dated 2018/04/02 according to builtin MCExtractor DB v84 - 2018/09/27)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for kernel and firmware code)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)

CVE-2018-3640 [rogue system register read] aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: VMX: conditional cache flushes, SMT vulnerable
* This system is a host running an hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (this system is not running an hypervisor)

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK


Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 1 of 1 [ 9 posts ] 


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: