Public bug reported: Hello,
I'm testing script: https://www.tecmint.com/check-and-patch-meltdown-cpu-vulnerability-in-linux/ :~/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh [sudo] password for caravena: Spectre and Meltdown mitigation detection tool v0.31 Checking for vulnerabilities against running kernel Linux 4.13.0-30-generic #33-Ubuntu SMP Mon Jan 15 19:45:48 UTC 2018 x86_64 CPU is Intel(R) Core(TM) i3-2377M CPU @ 1.50GHz CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Checking count of LFENCE opcodes in kernel: YES > STATUS: NOT VULNERABLE (114 opcodes found, which is >= 70, heuristic to be > improved when official patches become available) CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigation 1 * Hardware (CPU microcode) support for mitigation * The SPEC_CTRL MSR is available: NO * The SPEC_CTRL CPUID feature bit is set: NO * Kernel support for IBRS: YES * IBRS enabled for Kernel space: NO * IBRS enabled for User space: NO * Mitigation 2 * Kernel compiled with retpoline option: NO * Kernel compiled with a retpoline-aware compiler: NO > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline > are needed to mitigate the vulnerability) CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' * Kernel supports Page Table Isolation (PTI): YES * PTI enabled and active: YES * Checking if we're running under Xen PV (64 bits): NO > STATUS: NOT VULNERABLE (PTI mitigates the vulnerability) A false sense of security is worse than no security at all, see --disclaimer Regards, -- Cristian ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.13.0-30-generic 4.13.0-30.33 ProcVersionSignature: Ubuntu 4.13.0-30.33-generic 4.13.13 Uname: Linux 4.13.0-30-generic x86_64 ApportVersion: 2.20.8-0ubuntu6 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: caravena 1689 F.... pulseaudio CurrentDesktop: ubuntu:GNOME Date: Wed Jan 17 13:18:45 2018 InstallationDate: Installed on 2017-10-13 (96 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170926) MachineType: SAMSUNG ELECTRONICS CO., LTD. 530U3C/530U4C ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-4.13.0-30-generic root=UUID=707d0f89-4b1d-4432-9d50-6058dc4c1ee9 ro rootflags=subvol=@ quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.13.0-30-generic N/A linux-backports-modules-4.13.0-30-generic N/A linux-firmware 1.170 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/15/2013 dmi.bios.vendor: Phoenix Technologies Ltd. dmi.bios.version: P14AAJ dmi.board.asset.tag: Base Board Asset Tag dmi.board.name: SAMSUNG_NP1234567890 dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.board.version: FAB1 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 9 dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.chassis.version: 0.1 dmi.modalias: dmi:bvnPhoenixTechnologiesLtd.:bvrP14AAJ:bd04/15/2013:svnSAMSUNGELECTRONICSCO.,LTD.:pn530U3C/530U4C:pvr0.1:rvnSAMSUNGELECTRONICSCO.,LTD.:rnSAMSUNG_NP1234567890:rvrFAB1:cvnSAMSUNGELECTRONICSCO.,LTD.:ct9:cvr0.1: dmi.product.family: ChiefRiver System dmi.product.name: 530U3C/530U4C dmi.product.version: 0.1 dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD. ** Affects: linux (Ubuntu) Importance: Undecided Status: Confirmed ** Tags: amd64 apport-bug artful bionic package-from-proposed ** Attachment added: "Captura de pantalla de 2018-01-17 13-16-33.png" https://bugs.launchpad.net/bugs/1743812/+attachment/5038299/+files/Captura%20de%20pantalla%20de%202018-01-17%2013-16-33.png -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1743812 Title: CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' Status in linux package in Ubuntu: Confirmed Bug description: Hello, I'm testing script: https://www.tecmint.com/check-and-patch-meltdown-cpu-vulnerability-in-linux/ :~/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh [sudo] password for caravena: Spectre and Meltdown mitigation detection tool v0.31 Checking for vulnerabilities against running kernel Linux 4.13.0-30-generic #33-Ubuntu SMP Mon Jan 15 19:45:48 UTC 2018 x86_64 CPU is Intel(R) Core(TM) i3-2377M CPU @ 1.50GHz CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Checking count of LFENCE opcodes in kernel: YES > STATUS: NOT VULNERABLE (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available) CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigation 1 * Hardware (CPU microcode) support for mitigation * The SPEC_CTRL MSR is available: NO * The SPEC_CTRL CPUID feature bit is set: NO * Kernel support for IBRS: YES * IBRS enabled for Kernel space: NO * IBRS enabled for User space: NO * Mitigation 2 * Kernel compiled with retpoline option: NO * Kernel compiled with a retpoline-aware compiler: NO > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability) CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' * Kernel supports Page Table Isolation (PTI): YES * PTI enabled and active: YES * Checking if we're running under Xen PV (64 bits): NO > STATUS: NOT VULNERABLE (PTI mitigates the vulnerability) A false sense of security is worse than no security at all, see --disclaimer Regards, -- Cristian ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.13.0-30-generic 4.13.0-30.33 ProcVersionSignature: Ubuntu 4.13.0-30.33-generic 4.13.13 Uname: Linux 4.13.0-30-generic x86_64 ApportVersion: 2.20.8-0ubuntu6 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: caravena 1689 F.... pulseaudio CurrentDesktop: ubuntu:GNOME Date: Wed Jan 17 13:18:45 2018 InstallationDate: Installed on 2017-10-13 (96 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170926) MachineType: SAMSUNG ELECTRONICS CO., LTD. 530U3C/530U4C ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-4.13.0-30-generic root=UUID=707d0f89-4b1d-4432-9d50-6058dc4c1ee9 ro rootflags=subvol=@ quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.13.0-30-generic N/A linux-backports-modules-4.13.0-30-generic N/A linux-firmware 1.170 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/15/2013 dmi.bios.vendor: Phoenix Technologies Ltd. dmi.bios.version: P14AAJ dmi.board.asset.tag: Base Board Asset Tag dmi.board.name: SAMSUNG_NP1234567890 dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.board.version: FAB1 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 9 dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.chassis.version: 0.1 dmi.modalias: dmi:bvnPhoenixTechnologiesLtd.:bvrP14AAJ:bd04/15/2013:svnSAMSUNGELECTRONICSCO.,LTD.:pn530U3C/530U4C:pvr0.1:rvnSAMSUNGELECTRONICSCO.,LTD.:rnSAMSUNG_NP1234567890:rvrFAB1:cvnSAMSUNGELECTRONICSCO.,LTD.:ct9:cvr0.1: dmi.product.family: ChiefRiver System dmi.product.name: 530U3C/530U4C dmi.product.version: 0.1 dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
