• Home
  • Categories
  • WIKI
  • LANGUAGE: en
    • Meltdown security fix
    Community Discussion 1329 views · 7 replies ·
    Tofloor
    poster avatar
    daljit97
    deepin
    2018-01-05 12:44
    Author
    Will the Deepin team release a software update to provide a fix for the recently discovered security flaw in Intel CPUs? I know that the status of the bug can be found here for Debian https://security-tracker.debian.org/tracker/CVE-2017-5754
    Reply Favorite View the author
    All Replies
    RealAct
    deepin
    2018-01-05 20:51
    #1
    Yes, a fix is being worked on right now and will soon be released, stay tuned.
    Reply View the author
    snowcley
    deepin
    2018-01-07 09:19
    #2
    Eu baixei a ferramenta que verifica se o processador que esta no seu PC tem essa falha, o programa pode ser encontrado no site oficial da intel, tem que rodar a mesma com root, ainda bem que meu processador escapou dessa hhh
    Reply View the author
    sjtlqy
    deepin
    2018-01-07 17:29
    #3
    本帖最后由 sjtlqy 于 2018-1-7 09:32 编辑

    i checked it.

    ➜  Am-I-affected-by-Meltdown gitmaster) ✗ ./meltdown-checker
    Checking whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN ...
    Checking syscall table (sys_call_table) found at address 0xffffffffbb4001a0 ...
    0xffffffffbae0e810 -> That's SyS_read

    System affected! Please consider upgrading your kernel to one that is patched with KAISER
    Check https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html for more details
    google  project zero is enmmmmmmmm....  
    dig bugs in every software on the earth, including software Power By Google.

    em............

    great! attrack Intel Stock decrease 5%.....
    Reply View the author
    linux132
    deepin
    2018-01-07 17:54
    #4
    本帖最后由 linux132 于 2018-1-7 10:01 编辑

    There was a update in yesterday to fix some flaw, it maybe for intel. But this flaw about intel has little impact on the average users.
    Reply View the author
    primta
    deepin
    2018-01-13 06:34
    #5
    Checker Script on AMD:

    https://github.com/speed47/spectre-meltdown-checker

    1. $ sudo /home/david/Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh
    2. [sudo] password for david:
    3. /home/david/Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh: 5: /home/david/Downloads/spectre-meltdown-checker-master/spectre-meltdown-checker.sh: !/bin/sh: not found
    4. Spectre and Meltdown mitigation detection tool v0.27

    6. Checking for vulnerabilities against live running kernel Linux 4.9.0-deepin13-amd64 #1 SMP PREEMPT Deepin 4.9.57-1 (2017-10-19) x86_64

    8. CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    9. * Checking count of LFENCE opcodes in kernel:  NO
    10. > STATUS:  VULNERABLE  (only 25 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

    12. CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    13. * Mitigation 1
    14. *   Hardware (CPU microcode) support for mitigation:  NO
    15. *   Kernel support for IBRS:  NO
    16. *   IBRS enabled for Kernel space:  NO
    17. *   IBRS enabled for User space:  NO
    18. * Mitigation 2
    19. *   Kernel compiled with retpoline option:  NO
    20. *   Kernel compiled with a retpoline-aware compiler:  NO
    21. > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

    23. CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    24. * Kernel supports Page Table Isolation (PTI):  NO
    25. * PTI enabled and active:  NO
    26. > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

    28. A false sense of security is worse than no security at all, see --disclaimer
    29. david@desktop-dual:~$





    Copy the Code

    Reply View the author
    jerrymf
    deepin
    2018-01-16 13:36
    #6
    Hello, any chance to get fix in coming days?
    Reply View the author
    duanyao
    deepin
    2018-01-16 18:59
    #7
    Kernel 4.14.0-deepin2 fixed Meltdown, not sure for Spectre.

    $ sudo sh ./spectre-meltdown-checker.sh

    Spectre and Meltdown mitigation detection tool v0.31

    Checking for vulnerabilities against running kernel Linux 4.14.0-deepin2-amd64 #1 SMP PREEMPT Deepin 4.14.12-2 (2018-01-06) x86_64
    CPU is Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz

    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel:  NO
    > STATUS:  VULNERABLE  (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation
    *     The SPEC_CTRL MSR is available:  NO
    *     The SPEC_CTRL CPUID feature bit is set:  NO
    *   Kernel support for IBRS:  NO
    *   IBRS enabled for Kernel space:  NO
    *   IBRS enabled for User space:  NO
    * Mitigation 2
    *   Kernel compiled with retpoline option:  NO
    *   Kernel compiled with a retpoline-aware compiler:  NO
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  YES
    * PTI enabled and active:  YES
    * Checking if we're running under Xen PV (64 bits):  NO
    > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

    A false sense of security is worse than no security at all, see --disclaimer
    Reply View the author