[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question on CVE-2017-5754 on Debian 8.9

On Tue, Jan 23, 2018 at 3:16 PM, Sven Hartge <sven@svenhartge.de> wrote:
> Nicholas Geovanis <nickgeovanis@gmail.com> wrote:
>
>> I've installed the patch for CVE-2017-5754 as well as the microcode update:
>
> So, right now, unless you have the latest bleeding edge kernel, compiled
> with a repoline-aware pre-release GCC, you will be vulnerable for
> CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some
> time.
>

Correct. But the installed fixes were for CVE-2017-5754 as I
mentioned, not for those two.

>> And yet, the widely-recommended test script at
>> https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
>
> Did you run the script as root?

Yes.

> Did you use the most recent version of
> it?

Yes.

> It gets developed quite rapidly, maybe you got a version which was
> not correctly functioning at that moment, giving that you download the
> script from the master-branch instead of one of the tagged releases.

OK, I'll do that again to ensure that I have the right one. Thanks very much.

> S°
>
> --
> Sigmentation fault. Core dumped.
>
Reply to: