With an E3 v5, Linux 4.19.0-13, and intel-microcode 3.20200616.1 the
checker reports green for those checks on my test system. Do you have
the latest spectre-meltdown-checker, and are you running it as root?
If I run the current version as an unprivileged user those checks
come up red (presumably because it can't read the CPU registers it is
trying to read).

spectre-meltdown-checker:all/buster 0.42-1 uptodate, installed from
Debian repository.
Yes, I executed it as root (su -> <passwd> ->
spectre-meltdown-checker). I get exactly the same results running it
as an unprivileged user. This is what spectre-meltdown-checker, run as
root, shows for the two CVEs:
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: VULNERABLE (your CPU supports SGX and the microcode is
not up to date)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to
mitigate this vulnerability)
Linux version is also 4.19.0-13-amd64.
Both my instances are (almost) fresh installations (GNOME) based on
recently released debian-10.7.0-amd64-netinst.iso.