[Eisfair] [e1] eiskernel 3.20.0 (Status 'stable') verfügbar - 3.16er Kernel für eisfair-1
Gerd Walter
fli4l.ng at hgwb.de
Fr Okt 26 16:10:15 CEST 2018
Am 26.10.18 um 15:29 schrieb Gerd Walter:
>
> Das sieht auf meinen Eisfair in der VM mit einer
> Intel(R) Xeon(R) CPU E5645 nicht gerade gut aus:
>
> eisfair # ./spectre-meltdown-checker --batch text 2>/dev/null
> CVE-2017-5753: OK (Mitigation: __user pointer sanitization)
> CVE-2017-5715: OK (IBRS + IBPB are mitigating the vulnerability)
> CVE-2017-5754: VULN (Xen PV DomUs are vulnerable and need to be run in
> HVM, PVHVM, PVH mode, or the Xen hypervisor must have the Xen's own PTI
> patch)
> CVE-2018-3640: VULN (an up-to-date CPU microcode is needed to mitigate
> this vulnerability)
> CVE-2018-3639: VULN (Neither your CPU nor your kernel support SSBD)
> CVE-2018-3615: OK (your CPU vendor reported your CPU model as not
> vulnerable)
> CVE-2018-3620: VULN (Your kernel doesn't support PTE inversion, update it)
> CVE-2018-3646: OK (this system is not running an hypervisor)
Auf einer VM 64bit(HVM) unter einen E5-2660 sieht es besser aus:
eis # ./spectre-meltdown-checker --batch text 2>/dev/null
CVE-2017-5753: OK (Mitigation: __user pointer sanitization)
CVE-2017-5715: OK (IBRS + IBPB are mitigating the vulnerability)
CVE-2017-5754: OK (Mitigation: PTI)
CVE-2018-3640: OK (your CPU microcode mitigates the vulnerability)
CVE-2018-3639: VULN (your kernel needs to be updated)
CVE-2018-3615: OK (your CPU vendor reported your CPU model as not
vulnerable)
CVE-2018-3620: VULN (Your kernel doesn't support PTE inversion, update it)
CVE-2018-3646: OK (this system is not running an hypervisor)
Gruß
Gerd
Mehr Informationen über die Mailingliste Eisfair