CVE-2017-5715 Spectre vulnerability variant 2

3 comments

  • ashok k

    I am using an HP DL ProLiant 380 Gen 8 server running CentOS 6.5.

    I installed/updated all the packages as you said, and downloaded a diagnosis script from Red Hat (https://access.redhat.com/security/vulnerabilities/speculativeexecution).

    But still, the script says variant 2, aka Spectre (CVE-2017-5715), is vulnerable. Any idea? Below is my output.

    [akandime@hostname~]# ./meltdown_Redhat.sh

    This script is primarily designed to detect Spectre / Meltdown on supported
    Red Hat Enterprise Linux systems and kernel packages.
    Result may be inaccurate for other RPM based systems.

    /sys/kernel/debug/x86 is mounted and accessible

    The following files are accessible:
    /sys/kernel/debug/x86/pti_enabled, /sys/kernel/debug/x86/ibpb_enabled, /sys/kernel/debug/x86/ibrs_enabled
    Checking files…

    Detected CPU vendor is: Intel

    Variant #1 (Spectre): Mitigated
    Variant #2 (Spectre): Vulnerable
    Variant #3 (Meltdown): Mitigated

    For more information see:
    https://access.redhat.com/security/vulnerabilities/speculativeexecution

    There is another script I downloaded from GitHub, and it also showed the same output
    (https://github.com/speed47/spectre-meltdown-checker):

    [akandime@hostname~]# ./meltdown_spectre_github.sh
    Spectre and Meltdown mitigation detection tool v0.27

    Checking for vulnerabilities against live running kernel Linux 2.6.32-696.18.7.el6.x86_64 #1 SMP Thu Jan 4 17:31:22 UTC 2018 x86_64

    CVE-2017-5753 [bounds check bypass] aka ‘Spectre Variant 1’

    • Checking count of LFENCE opcodes in kernel: YES

    STATUS: NOT VULNERABLE (84 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

    CVE-2017-5715 [branch target injection] aka ‘Spectre Variant 2’

    • Mitigation 1
    • Hardware (CPU microcode) support for mitigation: NO
    • Kernel support for IBRS: YES
    • IBRS enabled for Kernel space: NO
    • IBRS enabled for User space: NO
    • Mitigation 2
    • Kernel compiled with retpoline option: NO
    • Kernel compiled with a retpoline-aware compiler: NO

    STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

    CVE-2017-5754 [rogue data cache load] aka ‘Meltdown’ aka ‘Variant 3’

    • Kernel supports Page Table Isolation (PTI): YES
    • PTI enabled and active: YES

    STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)

    A false sense of security is worse than no security at all, see --disclaimer

  • ashok k

    The verification steps you said for RHEL and CentOS. Any idea?

    On my server, the output comes back as zero after updating all the packages you have given, and I rebooted the server too.


    # cat /sys/kernel/debug/x86/ibpb_enabled
    0
    # cat /sys/kernel/debug/x86/ibrs_enabled
    0

  • Ivan Postnikov

    @ashok k

    Hello!

    The vulnerability is on a hardware level.

    This article aims to provide a list of solutions prepared by OS developers.

    In case you have applied all the steps to resolve the issue and the vulnerability persists, please contact the OS developers for further instructions.
