Re: Question on CVE-2017-5754 on Debian 8.9
Nicholas Geovanis <nickgeovanis@gmail.com> wrote:
> On Tue, Jan 23, 2018 at 3:16 PM, Sven Hartge <sven@svenhartge.de> wrote:
>> Nicholas Geovanis <nickgeovanis@gmail.com> wrote:
>>> I've installed the patch for CVE-2017-5754 as well as the microcode update:
>> So, right now, unless you have the latest bleeding edge kernel, compiled
>> with a repoline-aware pre-release GCC, you will be vulnerable for
>> CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some
>> time.
> Correct. But the installed fixes were for CVE-2017-5754 as I
> mentioned, not for those two.
Sure. But there is no Microcode update fixing or even mitigating
CVE-2017-5754 (Meltdown). KPTI (or VA Shadowing as Microsoft calls it)
is the only workaround on affected CPUs (at the moment).
>>> And yet, the widely-recommended test script at
>>> https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
>>
>> It gets developed quite rapidly, maybe you got a version which was
>> not correctly functioning at that moment, giving that you download
>> the script from the master-branch instead of one of the tagged
>> releases.
> OK, I'll do that again to ensure that I have the right one. Thanks
> very much.
I can say: works for me, version
3e454f1817c447baab60990fc5c4b11ca9880c73 (Tue Jan 23 22:20:34 2018
+0100) on Linux 4.14.0-3-amd64 #1 SMP Debian 4.14.13-1 (2018-01-14)
x86_64 GNU/Linux
Grüße,
Sven.
--
Sigmentation fault. Core dumped.
Reply to: