On 13.01.21 23:49, Michael Stone wrote:
On Wed, Jan 13, 2021 at 09:49:43PM +0100, Christoph Pflügler wrote:
[ 0.000000] microcode: microcode updated early to revision 0xd6,
date = 2019-10-03
[ 0.379026] SRBDS: Vulnerable: No microcode
[ 1.625090] microcode: sig=0x506e3, pf=0x2, revision=0xd6
[ 1.625215] microcode: Microcode Update Driver: v2.2.
Seems like the microcode is applied to my CPUs. This is also
supported by numerous other CVEs getting mitigated after
intel-microcode installation.
That's exactly the same signature I was testing with different results:
microcode: sig=0x506e3, pf=0x2, revision=0xd6
The only way I can get your results is to run unprivileged, but you
said you weren't doing that. The checks for 3640 and 3615 are
basically just looking for SSBD; in the top section the line that says
"CPU indicates SSBD capability" presumably says something other than
"YES (Intel SSBD)"?
I also tried the latest meltdown-spectre-checker (v0.44), the results
are the same (plus another red 2020 CVE).
This is presumably CVE-2020-0543; if you look at the changelog for
intel-microcode it discusses that issue. You can install the backports
version which should fix that at the risk of a boot failure.
You are absolutely right, the SSBD lines say the following (when
executed as root):
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: UNKNOWN (is cpuid kernel module
available?)
