On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:
> I just discovered the spectre-meltdown-checker package (thanks Sylvestre for
> packaging this).
>
> model name : Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz
>
> On a system with the above CPU running Debian/Testing I get the following
> results from the spectre-meltdown-checker script. Is this a bug in the
> intel-microcode package that the latest version isn't packaged? There is no
> newer version of intel-microcode in Unstable.
>
> # spectre-meltdown-checker |grep CPU.mic
> * Hardware support (CPU microcode) for mitigation techniques
> * CPU microcode is known to cause stability problems: NO (model 0x17 family 0x6 stepping 0xa ucode 0xa0b cpuid 0x1067a)
> * CPU microcode is the latest known available version: NO (latest version is 0xa0e dated 2015/07/29 according to builtin MCExtractor DB v111 - 2019/05/18)
> IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it
> * CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
> * CPU microcode mitigates the vulnerability: N/A

Your CPU is not supported by Intel, so you either accept the risk or buy
a new one. (Note that the latest version of the microcode is from
2015--long before any of these speculative execution vulnerabilities
were mitigated.) Yours is a Yorkfield:
https://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/
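
Added example, not part of the original mail or of spectre-meltdown-checker: a shell sketch that rebuilds the `cpuid 0x1067a` value in the quoted output from the family/model/stepping fields of /proc/cpuinfo and compares the running microcode revision with a known-latest one. The function names and the sample cpuinfo text are constructed for illustration; the latest revision `0xa0e` is taken from the checker output quoted above.

```shell
#!/bin/sh
# Constructed sample of the /proc/cpuinfo fields for the CPU in the mail
# (family 0x6, model 0x17 = 23, stepping 0xa = 10, running ucode 0xa0b).
SAMPLE_CPUINFO='processor  : 0
cpu family : 6
model      : 23
model name : Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz
stepping   : 10
microcode  : 0xa0b'

# Print the value of the first "key : value" line read from stdin.
# The key is matched exactly, so "model" does not match "model name".
cpuinfo_field() {
    awk -F': *' -v key="$1" \
        '{ k = $1; sub(/[ \t]+$/, "", k) } k == key { print $2; exit }'
}

# Compose the CPUID leaf 1 EAX signature from family/model/stepping as Linux
# reports them: extended model bits are used for family 6 and 15+, extended
# family bits only for family 15+.
cpuid_signature() {
    base_fam=$1; ext_fam=0; ext_model=0
    if [ "$1" -ge 15 ]; then base_fam=15; ext_fam=$(( $1 - 15 )); fi
    if [ "$1" -eq 6 ] || [ "$1" -ge 15 ]; then ext_model=$(( $2 >> 4 )); fi
    sig=$(( (ext_fam << 20) | (ext_model << 16) | (base_fam << 8) ))
    printf '0x%x\n' $(( sig | (($2 & 15) << 4) | $3 ))
}

# Compare two hex revisions (e.g. 0xa0b); $(( )) understands the 0x prefix.
ucode_status() {
    if [ $(( $1 )) -lt $(( $2 )) ]; then echo OUTDATED; else echo CURRENT; fi
}

# $1 = cpuinfo text, $2 = latest known revision for this CPU (assumption:
# supplied by the caller, e.g. the 0xa0e the checker printed in the mail).
check_cpuinfo() {
    fam=$(printf '%s\n' "$1" | cpuinfo_field 'cpu family')
    mod=$(printf '%s\n' "$1" | cpuinfo_field 'model')
    stp=$(printf '%s\n' "$1" | cpuinfo_field 'stepping')
    rev=$(printf '%s\n' "$1" | cpuinfo_field 'microcode')
    sig=$(cpuid_signature "$fam" "$mod" "$stp")
    echo "cpuid $sig ucode $rev latest $2: $(ucode_status "$rev" "$2")"
}

# On a live system: check_cpuinfo "$(cat /proc/cpuinfo)" 0xa0e
check_cpuinfo "$SAMPLE_CPUINFO" 0xa0e
```

OUTDATED only means a newer revision exists; as the reply notes, the newest revision for this CPU dates from 2015, so CURRENT would still not imply that the mitigations are present.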