Re: spectre-and-meltdown-security-kernel-upgrades
Posted: 29. Jan 2018, 21:16
Hello gaucho, use a custom kernel ...
> uname -a
Linux salix 4.4.111-smp #2 SMP Thu Jan 11 14:01:08 CST 2018 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
Distro Live/CD.
Salix 14.2.
Microsoft
No information for x86-based systems ...
> uname -a
Linux salix 4.4.111-smp #2 SMP Thu Jan 11 14:01:08 CST 2018 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
Distro Live/CD.
Code: Select all
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
>libgcc-7.3.0_1
$ uname -a
Linux XYZ 4.14.15 #1 SMP PREEMPT Sun Jan 28 22:13:16 UTC 2018 i686 GNU/Linux
Code: Select all
> git clone https://github.com/speed47/spectre-meltdown-checker.git
> sudo sh spectre-meltdown-checker.sh
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
* Running as a Xen PV DomU: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)
Code: Select all
The existing 32 bit update packages listed in this advisory fully address CVE-2017-5753 and CVE-2017-5715, but do not provide protections for CVE-2017-5754 at this time. Microsoft is continuing to work with affected chip manufacturers and investigate the best way to provide mitigations for x86 customers, which may be provided in a future update.