[Bug 1743786] Re: intel-microcode-3.20180108.0~ubuntu17.10.1 fails to address spectre variant 2 on Intel i7-6850k platform

Robert Dinse nanook at eskimo.com
Fri Sep 21 08:41:17 UTC 2018


I have stopped installing microcode on the i7-6850k because if I do then
it will not overclock.  I do install on the i7-6700k machines as it does not
seem to be an issue with them.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
  Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
    Knowledgeable human assistance, not telephone trees or script readers.
  See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 21 Sep 2018, Steve Beattie wrote:

> Date: Fri, 21 Sep 2018 08:04:28 -0000
> From: Steve Beattie <sbeattie at ubuntu.com>
> Reply-To: Bug 1743786 <1743786 at bugs.launchpad.net>
> To: nanook at eskimo.com
> Subject: [Bug 1743786] Re: intel-microcode-3.20180108.0~ubuntu17.10.1 fails to
>      address spectre variant 2 on Intel i7-6850k platform
> 
> Hi Robert,
>
> The intel-microcode 3.20180807a.0ubuntu0.18.04.1 update should contain
> updates for both your hosts:
>
>  002/001: sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
>  001/001: sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
>
> Can you confirm, please? Thanks!
>
>
>
> ** Changed in: intel-microcode (Ubuntu)
>       Status: New => Incomplete
>
> -- 
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1743786
>
> Title:
>  intel-microcode-3.20180108.0~ubuntu17.10.1 fails to address spectre
>  variant 2 on Intel  i7-6850k platform
>
> Status in intel-microcode package in Ubuntu:
>  Incomplete
>
> Bug description:
>  Using the test script: spectre-meltdown-checker.sh
>  Checking for vulnerabilities against live running kernel Linux 4.13.0-29-lowlatency #32-Ubuntu SMP PREEMPT Fri Jan 12 13:47:11 UTC 2018 x86_64
>
>  CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
>  * Checking count of LFENCE opcodes in kernel:  YES
>  > STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
>
>  CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
>  * Mitigation 1
>  *   Hardware (CPU microcode) support for mitigation:  NO
>  *   Kernel support for IBRS:  YES
>  *   IBRS enabled for Kernel space:  NO
>  *   IBRS enabled for User space:  NO
>  * Mitigation 2
>  *   Kernel compiled with retpoline option:  NO
>  *   Kernel compiled with a retpoline-aware compiler:  NO
>  > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
>
>  CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
>  * Kernel supports Page Table Isolation (PTI):  YES
>  * PTI enabled and active:  YES
>  > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
>
>  A false sense of security is worse than no security at all, see
>  --disclaimer
>
>  ProblemType: Bug
>  DistroRelease: Ubuntu 17.10
>  Package: intel-microcode 3.20180108.0~ubuntu17.10.1
>  ProcVersionSignature: Ubuntu 4.13.0-29.32-lowlatency 4.13.13
>  Uname: Linux 4.13.0-29-lowlatency x86_64
>  NonfreeKernelModules: nvidia
>  ApportVersion: 2.20.7-0ubuntu3.7
>  Architecture: amd64
>  Date: Wed Jan 17 06:00:56 2018
>  InstallationDate: Installed on 2017-05-05 (256 days ago)
>  InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Release amd64 (20170412)
>  ProcEnviron:
>   TERM=xterm-color
>   PATH=(custom, no user)
>   XDG_RUNTIME_DIR=<set>
>   LANG=en_US.UTF-8
>   SHELL=/bin/bash
>  SourcePackage: intel-microcode
>  UpgradeStatus: Upgraded to artful on 2017-10-20 (89 days ago)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1743786/+subscriptions
>
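
One way to do the confirmation requested in the quoted message, as an added example that is not part of the original thread: rebuild the CPUID signature from `/proc/cpuinfo` fields and compare the loaded microcode revision with the `rev` values listed above. The function names and the sample cpuinfo excerpts are constructed for illustration, and the check assumes processor type bits of 0 and that a numerically higher revision is newer.

```shell
#!/bin/sh
# Added example; expected revisions are the two entries quoted in the thread.

# Rebuild the CPUID signature from cpuinfo's decimal family/model/stepping.
# Assumption: processor type bits are 0.
cpu_sig() {
    family=$1; model=$2; stepping=$3
    if [ "$family" -ge 15 ]; then
        base_family=15; ext_family=$((family - 15))
    else
        base_family=$family; ext_family=0
    fi
    printf '0x%08x\n' $(( (ext_family << 20) | ((model >> 4) << 16) | (base_family << 8) | ((model & 15) << 4) | stepping ))
}

# Revision listed in the thread for each signature.
expected_rev() {
    case "$1" in
        0x000406f1) echo 0xb00002e ;;   # family 6, model 79, stepping 1
        0x000506e3) echo 0xc6 ;;        # family 6, model 94, stepping 3 (rev 0x00c6)
        *) return 1 ;;
    esac
}

# field <key>: first value for <key> in cpuinfo-formatted text on stdin.
field() { sed -n "s/^$1[[:space:]]*:[[:space:]]*//p" | head -n 1; }

# Reads cpuinfo text on stdin; returns 0 if current, 1 if outdated, 2 if unknown.
check_microcode() {
    info=$(cat)
    sig=$(cpu_sig "$(printf '%s\n' "$info" | field 'cpu family')" \
                  "$(printf '%s\n' "$info" | field model)" \
                  "$(printf '%s\n' "$info" | field stepping)")
    running=$(printf '%s\n' "$info" | field microcode)
    want=$(expected_rev "$sig") || { echo "$sig: not covered by this example"; return 2; }
    if [ $(($running)) -ge $(($want)) ]; then
        echo "$sig: OK (running $running, need >= $want)"
    else
        echo "$sig: OUTDATED (running $running, need >= $want)"; return 1
    fi
}

# Constructed cpuinfo excerpts (not taken from the bug report).
sample_outdated() { printf 'cpu family\t: 6\nmodel\t\t: 79\nmodel name\t: sample\nstepping\t: 1\nmicrocode\t: 0xb000021\n'; }
sample_current()  { printf 'cpu family\t: 6\nmodel\t\t: 94\nstepping\t: 3\nmicrocode\t: 0xc6\n'; }

sample_outdated | check_microcode || true
```

On a real host, run `check_microcode < /proc/cpuinfo` after rebooting with the updated package, then re-run spectre-meltdown-checker.sh to see whether the "Hardware (CPU microcode) support for mitigation" line changes.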
