[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2017-5715

On 3/23/22 22:43, Leandro Cunha wrote:
> Hi,
> 
> On Wed, Mar 23, 2022 at 2:33 PM Georgi Naplatanov <gosho@oles.biz> wrote:
>>
>> On 3/23/22 18:35, piorunz wrote:
>>> On 23/03/2022 15:41, Leandro Cunha wrote:
>>>
>>>> Please, take into consideration what is in the link and you can
>>>> consult through
>>>> it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715
>>>
>>> Leandro,
>>> I've been on this website before I posted with spectre-meltdown-checker
>>> results. I have vulnerable status just like author of this topic. I am
>>> on intel-microcode 3.20210608.2, and by the look of it, this bug
>>> supposed to be fixed in:
>>>
>>> "intel-microcode: Some microcode updates to partially adress
>>> CVE-2017-5715 included in 3.20171215.1
>>> Further updates in 3.20180312.1"
>>>
>>> So my version of microcode is 3-4 years newer than that.
>>>
>>> Is it microcode problem, or spectre-meltdown-checker displaying wrong
>>> information, or something else entirely?
>>>
>>
>> I want to mention that on the same computer with kernel Debian 5.10.92-2
>>
>> spectre-meltdown-checker
>>
>> reports that the system is not vulnerable to CVE-2017-5715
>>
>> Kind regards
>> Georgi
>>
> 
> This script is reporting an already patched CVE as vulnerable.


Are you sure this behavior on 5.10.103-1 is not some kind of regression?
What is the evidence that vulnerability is still fixed?


Kind regards
Georgi
Reply to: