[CentOS] spectre variant 2

Fred Smith fredex at fcshome.stoneham.ma.us
Sat Mar 17 00:39:14 UTC 2018 

On Fri, Mar 16, 2018 at 09:42:34PM +0000, Phil Perry wrote:
> On 16/03/18 18:24, Fred Smith wrote:
> >Hi all!
> >
> >I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU.
> >
> 
> What kernel are you running (uname -r)?

 uname -r
3.10.0-693.21.1.el7.x86_64

> 
> >I note that when I run the redhat script to test for spectre & meltdown
> >I get this result for variant 2:
> >
> >Variant #2 (Spectre): Vulnerable
> >CVE-2017-5715 - speculative execution branch target injection
> >    - Kernel with mitigation patches: OK
> >    - HW support / updated microcode: NO
> >    - IBRS: Not disabled on kernel commandline
> >    - IBPB: Not disabled on kernel commandline
> >
> >
> >and when I run the one from github I get this:
> >
> >CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> >* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> >* Mitigation 1
> >   * Kernel is compiled with IBRS/IBPB support:  YES
> >   * Currently enabled features
> >     * IBRS enabled for Kernel space:  NO
> >     * IBRS enabled for User space:  NO
> >     * IBPB enabled:  NO
> >* Mitigation 2
> >   * Kernel compiled with retpoline option:  YES
> >   * Kernel compiled with a retpoline-aware compiler:  UNKNOWN
> >>STATUS:  VULNERABLE  (Vulnerable: Retpoline without IBPB)
> >
> >
> >So, I"m wondering:
> >1. has RH in fact released mitigations for this issue for AMD processors, and
> >2. has AMD released microcode updates for this?
> >
> >I have no idea how to query AMD with such a question, anybody here know?
> >
> >Thanks in advance!
> >
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

-- 
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
                         God made him who had no sin
                      to be sin for us, so that in him
                 we might become the righteousness of God."
--------------------------- Corinthians 5:21 ---------------------------------

More information about the CentOS mailing list