Re: CVE-2017-5715

To: debian-security@lists.debian.org
Subject: Re: CVE-2017-5715
From: piorunz <piorunz@gmx.com>
Date: Wed, 23 Mar 2022 13:58:51 +0000
Message-id: <[🔎] 5f697f73-192f-4bed-975f-20466a99046d@gmx.com>
In-reply-to: <[🔎] a959b794-e226-1dbd-45ec-ff727601db36@oles.biz>
References: <[🔎] a959b794-e226-1dbd-45ec-ff727601db36@oles.biz>

On 12/03/2022 09:48, Georgi Naplatanov wrote:

spectre-meltdown-checker script reports that my system is vulnerable to
CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz

Is this normal?

In the past all checks from spectre-meltdown-checker were green (my
system was not vulnerable).


Is your vulnerability  shown as follows?

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation:
Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES
    * IBRS enabled and active:  YES  (for firmware code only)
  * Kernel is compiled with IBPB support:  YES
    * IBPB enabled and active:  YES
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES
  * Kernel supports RSB filling:  YES
> STATUS:  VULNERABLE  (IBRS+IBPB or retpoline+IBPB+RSB filling, is
needed to mitigate the vulnerability)

--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀⠀⠀

Reply to:

Follow-Ups:
- Re: CVE-2017-5715
  - From: Georgi Naplatanov <gosho@oles.biz>

References:
- CVE-2017-5715
  - From: Georgi Naplatanov <gosho@oles.biz>

Prev by Date: Upcoming oldstable point release (10.12)
Next by Date: Re: CVE-2017-5715
Previous by thread: CVE-2017-5715
Next by thread: Re: CVE-2017-5715
Index(es):
- Date
- Thread