Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

To: debian-user@lists.debian.org
Subject: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
From: mlnl <mlnl@mailbox.org>
Date: Fri, 23 Feb 2018 15:05:18 +0100
Message-id: <[🔎] b8462d7e-9dd5-8d78-3611-c1df92c4cb42@mailbox.org>
In-reply-to: <[🔎] CANc=Sd0C6g79L1b0jiSENuebS+ZftAZ0jwDjjhXk5OYp6_x=Zw@mail.gmail.com>
References: <[🔎] CAB=k8WKVYoLY2f1+0BpduugZUAyyQRKQp3QiD8BwquN6-iT7MA@mail.gmail.com> <[🔎] 20180223124339.kpzelwd7h6okwx6m@p5k.home> <[🔎] CANc=Sd0C6g79L1b0jiSENuebS+ZftAZ0jwDjjhXk5OYp6_x=Zw@mail.gmail.com>

Hi,

> Can it be true?  A version of gcc that runs on stretch that will
> compile the latest fancy spectre fixes etc?

with latest vanilla kernel 4.15.4 and updated gcc-6:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that
the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64
bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that
the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel
reports full retpoline compilation)
  * Retpoline enabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that
the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

grep bugs /proc/cpuinfo
bugs            : cpu_meltdown spectre_v1 spectre_v2
model name      : Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz



stepping        : 3



microcode       : 0x22

-- 
mlnl

Reply to:

Follow-Ups:
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Felipe Salvador <felipe.salvador@gmail.com>

References:
- Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Julien Aubin <julien.aubin@gmail.com>
- Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Reco <recoverym4n@gmail.com>
- Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
  - From: Michael Fothergill <michael.fothergill@gmail.com>

Prev by Date: Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Next by Date: Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Previous by thread: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Next by thread: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Index(es):
- Date
- Thread