On 7/1/20 4:05 AM, George N. White III wrote:
RedHat and other linux distros track Intel's efforts. Some of the
mitigations
require changes to the kernel. I'm sure many of the discussions
around which
mitigations and CPU's get priority are not public, but you can certainly
open an issue at:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues
In general, the earlier the mitigations are applied, the harder it is
to exploit the bugs, and
some mitigations can only be applied at the BIOS level, so you need to
check your BIOS
vendor's updates and forums.
All distributions have access to the same microcode, but may make
different decisions
for what should be done in BIOS and when to implement kernel changes
to support
new microcode. Ubuntu Security Page for CVE-2020-0543
<https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0543.html>
is well organized and may
be helpful checking to see if new microcode is available for your CPU.
Okay, I have done everything that I can do from my side.
I have updated my BIOS to the latest one from HP's website.
I have updated the OS to the latest updates and patches.
But still the Meltdown OVH script tells me that I am vulnerable.
So my next question would be:
1) Do I open a bug at :
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues
or
bugzilla.redhat.com
or both ?
2) What info should I include ? I am obviously doing to include the
output of /proc/cpuinfo, but is there anything else ?
3) Is there any other way to test if I am vulnerable ? The Meltdown OVH
script maybe be buggy so any other way I can test ?
--
Regards,
Sreyan
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
