Re: CVE-2017-5715
On 3/23/22 17:41, Leandro Cunha wrote:
> Hi,
>
> On Wed, Mar 23, 2022 at 11:47 AM Georgi Naplatanov <gosho@oles.biz> wrote:
>>
>> On 3/23/22 15:58, piorunz wrote:
>>> On 12/03/2022 09:48, Georgi Naplatanov wrote:
>>>
>>>> spectre-meltdown-checker script reports that my system is vulnerable to
>>>> CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
>>>>
>>>> Is this normal?
>>>>
>>>> In the past all checks from spectre-meltdown-checker were green (my
>>>> system was not vulnerable).
>>>
>>> Is your vulnerability shown as follows?
>>>
>>> CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
>>> * Mitigated according to the /sys interface: YES (Mitigation:
>>> Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
>>> * Mitigation 1
>>> * Kernel is compiled with IBRS support: YES
>>> * IBRS enabled and active: YES (for firmware code only)
>>> * Kernel is compiled with IBPB support: YES
>>> * IBPB enabled and active: YES
>>> * Mitigation 2
>>> * Kernel has branch predictor hardening (arm): NO
>>> * Kernel compiled with retpoline option: YES
>>> * Kernel supports RSB filling: YES
>>>> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is
>>> needed to mitigate the vulnerability)
>>>
>>
>> Yes, it seems the same but to avoid possible confusion/mistake I'm
>> pasting the output below:
>>
>>
>> CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
>> * Mitigated according to the /sys interface: YES (Mitigation:
>> Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
>> * Mitigation 1
>> * Kernel is compiled with IBRS support: YES
>> * IBRS enabled and active: YES (for firmware code only)
>> * Kernel is compiled with IBPB support: YES
>> * IBPB enabled and active: YES
>> * Mitigation 2
>> * Kernel has branch predictor hardening (arm): NO
>> * Kernel compiled with retpoline option: YES
>> * Kernel supports RSB filling: YES
>>> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is
>> needed to mitigate the vulnerability)
>>
>
> Please, take into consideration what is in the link and you can consult through
> it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715
>
Hey Leandro,
I'm using kernel 5.10.103-1
and intel-microcode 3.20210608.2
but spectre-meltdown-checker reports that my system is vulnerable.
Could you clarify what you meant?
Kind regards
Georgi
Reply to: