Meltdown security fix
daljit97
deepin
2018-01-05 12:44
Author
Will the Deepin team release a software update to provide a fix for the recently discovered security flaw in Intel CPUs? I know that the status of the bug can be found here for Debian https://security-tracker.debian.org/tracker/CVE-2017-5754
All Replies
RealAct
deepin
2018-01-05 20:51
#1
Yes, a fix is being worked on right now and will soon be released, stay tuned.
snowcley
deepin
2018-01-07 09:19
#2
I downloaded the tool that checks whether the processor in your PC has this flaw. The program can be found on Intel's official site, and it has to be run as root. Good thing my processor escaped this one, hahaha
sjtlqy
deepin
2018-01-07 17:29
#3
This post was last edited by sjtlqy on 2018-1-7 09:32

I checked it.

➜  Am-I-affected-by-Meltdown gitmaster) ✗ ./meltdown-checker
Checking whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN ...
Checking syscall table (sys_call_table) found at address 0xffffffffbb4001a0 ...
0xffffffffbae0e810 -> That's SyS_read

System affected! Please consider upgrading your kernel to one that is patched with KAISER
Check https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html for more details
Google Project Zero is enmmmmmmmm....
dig bugs in every software on the earth, including software Powered by Google.

em............

great! attack Intel Stock decrease 5%.....
linux132
deepin
2018-01-07 17:54
#4
This post was last edited by linux132 on 2018-1-7 10:01

There was an update yesterday to fix some flaw; it may be for Intel. But this Intel flaw has little impact on average users.
primta
deepin
2018-01-13 06:34
#5
Checker Script on AMD:

https://github.com/speed47/spectre-meltdown-checker

$ sudo /home/david/Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh
[sudo] password for david:
/home/david/Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh: 5: /home/david/Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh: !/bin/sh: not found
Spectre and Meltdown mitigation detection tool v0.27

Checking for vulnerabilities against live running kernel Linux 4.9.0-deepin13-amd64 #1 SMP PREEMPT Deepin 4.9.57-1 (2017-10-19) x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 25 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO
* PTI enabled and active:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
david@desktop-dual:~$
jerrymf
deepin
2018-01-16 13:36
#6
Hello, any chance to get a fix in the coming days?
duanyao
deepin
2018-01-16 18:59
#7
Kernel 4.14.0-deepin2 fixed Meltdown, not sure for Spectre.

$ sudo sh ./spectre-meltdown-checker.sh

Spectre and Meltdown mitigation detection tool v0.31

Checking for vulnerabilities against running kernel Linux 4.14.0-deepin2-amd64 #1 SMP PREEMPT Deepin 4.14.12-2 (2018-01-06) x86_64
CPU is Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation
*     The SPEC_CTRL MSR is available:  NO
*     The SPEC_CTRL CPUID feature bit is set:  NO
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Checking if we're running under Xen PV (64 bits):  NO
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
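Added example (not part of any post in this thread, and not code from the spectre-meltdown-checker project): a shell function that reduces checker output in the text format pasted in replies #5 and #7 to one "CVE STATUS" line per section, so kernels can be compared before and after an update. It assumes plain text without colour escape sequences; the function names are hypothetical and the sample input is constructed by abridging the output in reply #7.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the checker.

# summarize_checker: read checker text output on stdin and print one
# "CVE-ID STATUS" line per section. Forum-style "  12. " prefixes are stripped.
summarize_checker() {
    awk '
        { sub(/^[ \t]*([0-9]+\.[ \t]+)?/, "") }     # drop indent / list numbers
        /^CVE-[0-9]+-[0-9]+ / { cve = $1; next }    # section header
        /^> STATUS:/ && cve != "" {
            status = $0
            sub(/^> STATUS:[ \t]*/, "", status)
            sub(/[ \t]*\(.*$/, "", status)          # drop the "(reason)" part
            print cve, status
            cve = ""
        }
    '
}

# vulnerable_cves: print only the CVE ids whose status is exactly VULNERABLE
# ("NOT VULNERABLE" has three fields and is skipped).
vulnerable_cves() {
    summarize_checker | awk 'NF == 2 && $2 == "VULNERABLE" { print $1 }'
}

# Constructed sample: abridged from the v0.31 output in reply #7, with the
# last section given list-number prefixes like the paste in reply #5.
sample_output() {
    cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
*   Kernel compiled with retpoline option:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

  19. CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
  20. * Kernel supports Page Table Isolation (PTI):  YES
  21. * PTI enabled and active:  YES
  22. > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
EOF
}

sample_output | summarize_checker
```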