Meltdown & Spectre
Sat, 24 Nov 2018 19:58:51 +0100 (CET)
Hello! I am using a PC to visit websites. Using GNU/Linux is much safer than other OSes.
Yes, IceCat has the wonderful LibreJS plugin that may defend me from vulnerabilities.
I am seeing this:
Spectre and Meltdown mitigation detection tool v0.37+
Checking for vulnerabilities on current system
Kernel is Linux 4.19.1-gnu #1 SMP 1 x86_64
CPU is Intel(R) Pentium(R) CPU N3530 @ 2.16GHz
We're missing some kernel info (see -v), accuracy might be reduced
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: UNKNOWN (in offline mode, we need the kernel image to be able to tell)
* IBPB enabled and active: NO
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: UNKNOWN (couldn't read your kernel configuration)
> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)
> How to fix: To mitigate this vulnerability, you need either IBRS + IBPB, both requiring hardware support from your CPU microcode in addition to kernel support, or a kernel compiled with retpoline and IBPB
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
# guix package -s readelf
Please, what can I use instead of readelf for this script?
Also, how do I embed the necessary microcode?
Could you share your options in Meltdown and Spectre defense?