CONFIG_PAGE_TABLE_ISOLATION=y
Spectre and Meltdown mitigation detection tool v0.19

Checking for vulnerabilities against live running kernel Linux 4.14.12-towo.2-siduction-amd64 #1 SMP PREEMPT siduction 4.14-22 (2018-01-08) x86_64
Will use vmlinux image /boot/vmlinuz-4.14.12-towo.2-siduction-amd64
Will use kconfig /proc/config.gz
Will use System.map file /proc/kallsyms

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO (only 34 opcodes found, should be >= 70)
> STATUS: VULNERABLE (heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
  * Hardware (CPU microcode) support for mitigation: NO
  * Kernel support for IBRS: NO
  * IBRS enabled for Kernel space: NO
  * IBRS enabled for User space: NO
* Mitigation 2
  * Kernel compiled with retpoline option: NO
  * Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
Tried right now what is suggested on https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/
Spectre and Meltdown mitigation detection tool v0.31

Checking for vulnerabilities against running kernel Linux 4.14.13-towo.2-siduction-amd64 #1 SMP PREEMPT siduction 4.14-24 (2018-01-15) x86_64
CPU is AMD Ryzen 7 1800X Eight-Core Processor

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable: Minimal AMD ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that your CPU is unaffected)
> STATUS: NOT VULNERABLE (Not affected)

A false sense of security is worse than no security at all, see --disclaimer
Spectre and Meltdown mitigation detection tool v0.31

Checking for vulnerabilities against running kernel Linux 4.14.13-towo.2-siduction-amd64 #1 SMP PREEMPT siduction 4.14-24 (2018-01-15) x86_64
CPU is Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.15.1-towo.2-siduction-amd64 #1 SMP PREEMPT siduction 4.15-4 (2018-02-06) x86_64
CPU is Intel(R) Xeon(R) CPU X5650 @ 2.67GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates IBRS capability: NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available: NO
    * CPU indicates IBPB capability: NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates STIBP capability: NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability: NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
  * CPU microcode is known to cause stability problems: NO (model 44 stepping 2 ucode 0x1d)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1: YES
  * Vulnerable to Variant 2: YES
  * Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support: NO
  * Currently enabled features
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * IBPB enabled: NO
* Mitigation 2
  * Kernel compiled with retpoline option: YES
  * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
  * Retpoline enabled: NO
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)