[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: intel-microcode not fixing CVE-2018-3640, CVE-2018-3615 on Debian 10?

On Wed, Jan 13, 2021 at 09:49:43PM +0100, Christoph Pflügler wrote:
[    0.000000] microcode: microcode updated early to revision 0xd6, date = 2019-10-03
[    0.379026] SRBDS: Vulnerable: No microcode
[    1.625090] microcode: sig=0x506e3, pf=0x2, revision=0xd6
[    1.625215] microcode: Microcode Update Driver: v2.2.

Seems like the microcode is applied to my CPUs. This is also supported by numerous other CVEs getting mitigated after intel-microcode installation.

That's exactly the same signature I was testing with different results:
microcode: sig=0x506e3, pf=0x2, revision=0xd6

The only way I can get your results is to run unprivileged, but you said you weren't doing that. The checks for 3640 and 3615 are basically just looking for SSBD; in the top section the line that says "CPU indicates SSBD capability" presumably says something other than "YES (Intel SSBD)"?
I also tried the latest meltdown-spectre-checker (v0.44), the results are the same (plus another red 2020 CVE).

This is presumably CVE-2020-0543; if you look at the changelog for intel-microcode it discusses that issue. You can install the backports version which should fix that at the risk of a boot failure.

Reply to: