Re: intel-microcode not fixing CVE-2018-3640, CVE-2018-3615 on Debian 10?
On Wed, Jan 13, 2021 at 09:49:43PM +0100, Christoph Pflügler wrote:
[ 0.000000] microcode: microcode updated early to revision 0xd6,
date = 2019-10-03
[ 0.379026] SRBDS: Vulnerable: No microcode
[ 1.625090] microcode: sig=0x506e3, pf=0x2, revision=0xd6
[ 1.625215] microcode: Microcode Update Driver: v2.2.
Seems like the microcode is applied to my CPUs. This is also supported
by numerous other CVEs getting mitigated after intel-microcode
That's exactly the same signature I was testing with different results:
microcode: sig=0x506e3, pf=0x2, revision=0xd6
The only way I can get your results is to run unprivileged, but you said
you weren't doing that. The checks for 3640 and 3615 are basically just
looking for SSBD; in the top section the line that says "CPU indicates
SSBD capability" presumably says something other than "YES (Intel SSBD)"?
I also tried the latest meltdown-spectre-checker (v0.44), the results
are the same (plus another red 2020 CVE).
This is presumably CVE-2020-0543; if you look at the changelog for
intel-microcode it discusses that issue. You can install the backports
version which should fix that at the risk of a boot failure.