Re: CVE-2017-5715
Hi,
On Wed, Mar 23, 2022 at 11:47 AM Georgi Naplatanov <gosho@oles.biz> wrote:
>
> On 3/23/22 15:58, piorunz wrote:
> > On 12/03/2022 09:48, Georgi Naplatanov wrote:
> >
> >> spectre-meltdown-checker script reports that my system is vulnerable to
> >> CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
> >>
> >> Is this normal?
> >>
> >> In the past all checks from spectre-meltdown-checker were green (my
> >> system was not vulnerable).
> >
> > Is your vulnerability shown as follows?
> >
> > CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
> > * Mitigated according to the /sys interface: YES (Mitigation:
> > Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
> > * Mitigation 1
> > * Kernel is compiled with IBRS support: YES
> > * IBRS enabled and active: YES (for firmware code only)
> > * Kernel is compiled with IBPB support: YES
> > * IBPB enabled and active: YES
> > * Mitigation 2
> > * Kernel has branch predictor hardening (arm): NO
> > * Kernel compiled with retpoline option: YES
> > * Kernel supports RSB filling: YES
> >> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is
> > needed to mitigate the vulnerability)
> >
>
> Yes, it seems the same but to avoid possible confusion/mistake I'm
> pasting the output below:
>
>
> CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
> * Mitigated according to the /sys interface: YES (Mitigation:
> Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
> * Mitigation 1
> * Kernel is compiled with IBRS support: YES
> * IBRS enabled and active: YES (for firmware code only)
> * Kernel is compiled with IBPB support: YES
> * IBPB enabled and active: YES
> * Mitigation 2
> * Kernel has branch predictor hardening (arm): NO
> * Kernel compiled with retpoline option: YES
> * Kernel supports RSB filling: YES
> > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is
> needed to mitigate the vulnerability)
>
Please, take into consideration what is in the link and you can consult through
it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715
--
Cheers,
Leandro Cunha
Software Engineer and Debian Contributor⠀⠀⠀
Reply to: