Re: CVE-2017-5715

To: debian-security@lists.debian.org
Subject: Re: CVE-2017-5715
From: Georgi Naplatanov <gosho@oles.biz>
Date: Wed, 23 Mar 2022 17:58:09 +0200
Message-id: <[🔎] ffe6b46c-0dc9-67c0-8af8-59ee57788624@oles.biz>
In-reply-to: <[🔎] CAGEayXMP-KXznSyFkf44ydT8Mxo=Xq9SoEiJX=yfXKUdYzE_+g@mail.gmail.com>
References: <[🔎] a959b794-e226-1dbd-45ec-ff727601db36@oles.biz> <[🔎] 5f697f73-192f-4bed-975f-20466a99046d@gmx.com> <[🔎] fc5189eb-4105-5e73-fc0a-ec0bf7b19b67@oles.biz> <[🔎] CAGEayXMP-KXznSyFkf44ydT8Mxo=Xq9SoEiJX=yfXKUdYzE_+g@mail.gmail.com>


On 3/23/22 17:41, Leandro Cunha wrote:
> Hi,
> 
> On Wed, Mar 23, 2022 at 11:47 AM Georgi Naplatanov <gosho@oles.biz> wrote:
>>
>> On 3/23/22 15:58, piorunz wrote:
>>> On 12/03/2022 09:48, Georgi Naplatanov wrote:
>>>
>>>> spectre-meltdown-checker script reports that my system is vulnerable to
>>>> CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
>>>>
>>>> Is this normal?
>>>>
>>>> In the past all checks from spectre-meltdown-checker were green (my
>>>> system was not vulnerable).
>>>
>>> Is your vulnerability  shown as follows?
>>>
>>> CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
>>> * Mitigated according to the /sys interface:  YES  (Mitigation:
>>> Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
>>> * Mitigation 1
>>>   * Kernel is compiled with IBRS support:  YES
>>>     * IBRS enabled and active:  YES  (for firmware code only)
>>>   * Kernel is compiled with IBPB support:  YES
>>>     * IBPB enabled and active:  YES
>>> * Mitigation 2
>>>   * Kernel has branch predictor hardening (arm):  NO
>>>   * Kernel compiled with retpoline option:  YES
>>>   * Kernel supports RSB filling:  YES
>>>> STATUS:  VULNERABLE  (IBRS+IBPB or retpoline+IBPB+RSB filling, is
>>> needed to mitigate the vulnerability)
>>>
>>
>> Yes, it seems the same but to avoid possible confusion/mistake I'm
>> pasting the output below:
>>
>>
>> CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
>> * Mitigated according to the /sys interface:  YES  (Mitigation:
>> Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
>> * Mitigation 1
>>   * Kernel is compiled with IBRS support:  YES
>>     * IBRS enabled and active:  YES  (for firmware code only)
>>   * Kernel is compiled with IBPB support:  YES
>>     * IBPB enabled and active:  YES
>> * Mitigation 2
>>   * Kernel has branch predictor hardening (arm):  NO
>>   * Kernel compiled with retpoline option:  YES
>>   * Kernel supports RSB filling:  YES
>>> STATUS:  VULNERABLE  (IBRS+IBPB or retpoline+IBPB+RSB filling, is
>> needed to mitigate the vulnerability)
>>
> 
> Please, take into consideration what is in the link and you can consult through
> it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715
> 

Hey Leandro,

I'm using kernel 5.10.103-1

and intel-microcode 3.20210608.2

but spectre-meltdown-checker reports that my system is vulnerable.

Could you clarify what you meant?

Kind regards
Georgi

Reply to:

References:
- CVE-2017-5715
  - From: Georgi Naplatanov <gosho@oles.biz>
- Re: CVE-2017-5715
  - From: piorunz <piorunz@gmx.com>
- Re: CVE-2017-5715
  - From: Georgi Naplatanov <gosho@oles.biz>
- Re: CVE-2017-5715
  - From: Leandro Cunha <leandrocunha016@gmail.com>

Prev by Date: Re: CVE-2017-5715
Next by Date: Re: CVE-2017-5715
Previous by thread: Re: CVE-2017-5715
Next by thread: Re: CVE-2017-5715
Index(es):
- Date
- Thread