Re: CVE-2017-5715
Hi,
On Wed, Mar 23, 2022 at 11:17:41PM +0200, Georgi Naplatanov wrote:
> On 3/23/22 22:43, Leandro Cunha wrote:
> > Hi,
> >
> > On Wed, Mar 23, 2022 at 2:33 PM Georgi Naplatanov <gosho@oles.biz> wrote:
> >>
> >> On 3/23/22 18:35, piorunz wrote:
> >>> On 23/03/2022 15:41, Leandro Cunha wrote:
> >>>
> >>>> Please, take into consideration what is in the link and you can
> >>>> consult through
> >>>> it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715
> >>>
> >>> Leandro,
> >>> I've been on this website before I posted with spectre-meltdown-checker
> >>> results. I have vulnerable status just like author of this topic. I am
> >>> on intel-microcode 3.20210608.2, and by the look of it, this bug
> >>> supposed to be fixed in:
> >>>
> >>> "intel-microcode: Some microcode updates to partially adress
> >>> CVE-2017-5715 included in 3.20171215.1
> >>> Further updates in 3.20180312.1"
> >>>
> >>> So my version of microcode is 3-4 years newer than that.
> >>>
> >>> Is it microcode problem, or spectre-meltdown-checker displaying wrong
> >>> information, or something else entirely?
> >>>
> >>
> >> I want to mention that on the same computer with kernel Debian 5.10.92-2
> >>
> >> spectre-meltdown-checker
> >>
> >> reports that the system is not vulnerable to CVE-2017-5715
> >>
> >> Kind regards
> >> Georgi
> >>
> >
> > This script is reporting an already patched CVE as vulnerable.
>
>
> Are you sure this behavior on 5.10.103-1 is not some kind of regression?
> What is the evidence that vulnerability is still fixed?
See: https://github.com/speed47/spectre-meltdown-checker/issues/420
(Background of this is
https://www.vusec.net/projects/bhi-spectre-bhb/).
Regards,
Salvatore
Reply to: