On Di, Feb 20, 2018 at 05:09:12 +0000, Andy Smith wrote:
CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere yet, not even in Linux upstream.
Are you sure? CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active) * Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec()) * Checking count of LFENCE instructions following a jump in kernel: NO (only 3 jump-then-lfence instructions found, should be >= 30 (heuristic))
STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
Kernel is Linux 4.15.4 #1 SMP Sat Feb 17 23:19:56 CET 2018 x86_64, compiled myself with gcc 7.3 from testing.
According to spectre-meltdown-checker all three vulnerabilities are mitigated.
Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature