[CentOS] spectre variant 2
Fred Smith
fredex at fcshome.stoneham.ma.us
Sat Mar 17 00:39:14 UTC 2018
On Fri, Mar 16, 2018 at 09:42:34PM +0000, Phil Perry wrote:
> On 16/03/18 18:24, Fred Smith wrote:
> >Hi all!
> >
> >I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU.
> >
>
> What kernel are you running (uname -r)?
uname -r
3.10.0-693.21.1.el7.x86_64
>
> >I note that when I run the redhat script to test for spectre & meltdown
> >I get this result for variant 2:
> >
> >Variant #2 (Spectre): Vulnerable
> >CVE-2017-5715 - speculative execution branch target injection
> > - Kernel with mitigation patches: OK
> > - HW support / updated microcode: NO
> > - IBRS: Not disabled on kernel commandline
> > - IBPB: Not disabled on kernel commandline
> >
> >
> >and when I run the one from github I get this:
> >
> >CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> >* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> >* Mitigation 1
> > * Kernel is compiled with IBRS/IBPB support: YES
> > * Currently enabled features
> > * IBRS enabled for Kernel space: NO
> > * IBRS enabled for User space: NO
> > * IBPB enabled: NO
> >* Mitigation 2
> > * Kernel compiled with retpoline option: YES
> > * Kernel compiled with a retpoline-aware compiler: UNKNOWN
> >>STATUS: VULNERABLE (Vulnerable: Retpoline without IBPB)
> >
> >
> >So, I"m wondering:
> >1. has RH in fact released mitigations for this issue for AMD processors, and
> >2. has AMD released microcode updates for this?
> >
> >I have no idea how to query AMD with such a question, anybody here know?
> >
> >Thanks in advance!
> >
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
--
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
God made him who had no sin
to be sin for us, so that in him
we might become the righteousness of God."
--------------------------- Corinthians 5:21 ---------------------------------
More information about the CentOS
mailing list