Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

To: debian-user@lists.debian.org
Subject: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
From: Andy Smith <andy@strugglers.net>
Date: Tue, 20 Feb 2018 15:09:55 +0000
Message-id: <[🔎] 20180220150955.GI3124@bitfolk.com>
In-reply-to: <[🔎] 20180220T100635.GA.f5ea7.stse@fsing.rootsland.net>
References: <[🔎] CANnei0F3OU1S1A7cFhP9kC=s6SpLktkFvQdvCf106X02xc=Cdg@mail.gmail.com> <[🔎] 20180219141017.xxnjvae3iufcyehn@eeg.ccf.org> <[🔎] CANc=Sd2YG21LLdF6T_3Qz4DV84QqDOsUWDY5r-WM83ASrD6aiA@mail.gmail.com> <[🔎] 20180219192447.ef2080e7467bcea34851214f@freenet.de> <[🔎] CANc=Sd17NfvEc1j-G6tmVaMb1ZmjeO1JCBm2E_aeg=C3rF5QfQ@mail.gmail.com> <[🔎] 20180219201018.5ea0f4f9a6235fbfb5b4328f@freenet.de> <[🔎] CANc=Sd2SaxAh0RNUhtvvPxL-KABLU0xmqq+r7AKNLDeWj0Hg5Q@mail.gmail.com> <[🔎] 20180220050912.GG3124@bitfolk.com> <[🔎] 20180220T100635.GA.f5ea7.stse@fsing.rootsland.net>

Hi Stephen,

On Tue, Feb 20, 2018 at 10:09:52AM +0100, Stephan Seitz wrote:
> On Di, Feb 20, 2018 at 05:09:12 +0000, Andy Smith wrote:
> >CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere
> >yet, not even in Linux upstream.
> 
> Are you sure?

[…]

> >STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
> 
> Kernel is Linux 4.15.4 #1 SMP Sat Feb 17 23:19:56 CET 2018 x86_64, compiled
> myself with gcc 7.3 from testing.

Ah, I think you might be right that the known exploit for Spectre v1
is fixed now.

The commit message¹ speaks of infrastructure for future mitigations,
I think because further exploits are expected to be thought up for
this, but when they do I imagine they will have their own CVE
numbers (and names :)).

Cheers,
Andy

¹ https://lkml.org/lkml/2018/1/20/152

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Turritopsis Dohrnii Teo En Ming <tdteoenming@gmail.com>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Michael Lange <klappnase@freenet.de>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Michael Lange <klappnase@freenet.de>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Andy Smith <andy@strugglers.net>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>

Prev by Date: Re: how to offer Internet connection?
Next by Date: Re: Stretch net install on EeePC - unable to resolve mirror host address
Previous by thread: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Next by thread: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Index(es):
- Date
- Thread