Hi, On Wed, Mar 23, 2022 at 11:47 AM Georgi Naplatanov <go...@oles.biz> wrote: > > On 3/23/22 15:58, piorunz wrote: > > On 12/03/2022 09:48, Georgi Naplatanov wrote: > > > >> spectre-meltdown-checker script reports that my system is vulnerable to > >> CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz > >> > >> Is this normal? > >> > >> In the past all checks from spectre-meltdown-checker were green (my > >> system was not vulnerable). > > > > Is your vulnerability shown as follows? > > > > CVE-2017-5715 aka 'Spectre Variant 2, branch target injection' > > * Mitigated according to the /sys interface: YES (Mitigation: > > Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling) > > * Mitigation 1 > > * Kernel is compiled with IBRS support: YES > > * IBRS enabled and active: YES (for firmware code only) > > * Kernel is compiled with IBPB support: YES > > * IBPB enabled and active: YES > > * Mitigation 2 > > * Kernel has branch predictor hardening (arm): NO > > * Kernel compiled with retpoline option: YES > > * Kernel supports RSB filling: YES > >> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is > > needed to mitigate the vulnerability) > > > > Yes, it seems the same but to avoid possible confusion/mistake I'm > pasting the output below: > > > CVE-2017-5715 aka 'Spectre Variant 2, branch target injection' > * Mitigated according to the /sys interface: YES (Mitigation: > Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling) > * Mitigation 1 > * Kernel is compiled with IBRS support: YES > * IBRS enabled and active: YES (for firmware code only) > * Kernel is compiled with IBPB support: YES > * IBPB enabled and active: YES > * Mitigation 2 > * Kernel has branch predictor hardening (arm): NO > * Kernel compiled with retpoline option: YES > * Kernel supports RSB filling: YES > > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is > needed to mitigate the vulnerability) >
Please, take into consideration what is in the link and you can consult through it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715 -- Cheers, Leandro Cunha Software Engineer and Debian Contributor⠀⠀⠀
