Meltdown/Spectre script verification on Linux
- Thread starter: TAL9000
RedBaron
-Ubuntu 16.04.3 LTS x64
-Kernel 4.13.0-36 generic
-Ryzen 7 1800X, B350 chipset
Spectre and Meltdown mitigation detection tool v0.35
Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64
CPU is AMD Ryzen 7 1800X Eight-Core Processor
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: NO
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: NO
* Kernel has the Red Hat/Ubuntu patch: YES
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that your CPU is unaffected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
MagicEye04
Looks exactly the same for me as for the Red Baron. 3x green.
Except that mine is Ubuntu 17.10 and only a Ryzen 1700.
Let's see whether the old boxes also automatically get a new kernel in due course.
Edit: The Athlon 5350 now looks good too with Linux 4.4.0-116-generic #140 - also 3x green.
TAL9000
New version 0.35, still with the "old" microcode update 3.20180108.0+really20170707ubuntu14.04.1
CPU Intel Core i3-540 on Intel DH55TC, Mint 17.3 with kernel 4.4.0-116
Now Spectre V2 is no longer relevant for this system either.
Nice. Time to set up the laptop and see whether there's anything new on the 32-bit front as well...
--- Update ---
A ray of hope:
CPU Intel Pentium Dual Core T2080 in the Toshiba Satellite A200-1CC, Mint 18.3 with kernel 4.13.0-36-generic #40 (32bit/i686)
2 out of 3 is already better than 0 out of 3, even though I would have preferred to see Meltdown secured.
Code:
Spectre and Meltdown mitigation detection tool v0.35
Checking for vulnerabilities on current system
Kernel is Linux 4.4.0-116-generic #140~14.04.1-Ubuntu SMP Fri Feb 16 09:25:20 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 37 stepping 5 ucode 0x4)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: NO
* Kernel has the Red Hat/Ubuntu patch: YES
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
A false sense of security is worse than no security at all, see --disclaimer
Code:
Spectre and Meltdown mitigation detection tool v0.35
Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:26:51 UTC 2018 i686
CPU is Genuine Intel(R) CPU T2080 @ 1.73GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 14 stepping 12 ucode 0x5b)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: NO
* Kernel has the Red Hat/Ubuntu patch: YES
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
* Running as a Xen PV DomU: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)
A false sense of security is worse than no security at all, see --disclaimer
eratte
Linux Mint 18.3 on i3450/Z77:
Spectre and Meltdown mitigation detection tool v0.30
Checking for vulnerabilities against running kernel Linux 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: PTI)
A false sense of security is worse than no security at all, see --disclaimer
MagicEye04
Has anyone happened to run benchmarks before and after the kernel patches to see whether performance suffers?
Unfortunately I didn't do that beforehand and now have the FEELING that Boinc is computing somewhat slower.
MagicEye04
Stupid question: what good does a patched kernel actually do me? (Spectre1)
I just read that applications that aren't patched could still exploit the bug.
What's the point of a kernel patch then? Malware would of course remain unpatched. :/
sjrothe
> Stupid question: what good does a patched kernel actually do me? (Spectre1)
> I just read that applications that aren't patched could still exploit the bug.
> What's the point of a kernel patch then? Malware would of course remain unpatched. :/
With AMD, CPU detection is what matters, since no Spectre 1 patches are needed; with Intel it's one more sandbag against the flood.
Exactly, the software packages have to be reworked as well. With commercial software on Windows there will surely be plenty that remains vulnerable for years to come.
If BIOS/microcode and/or OS as well as a CPU without this vulnerability are running, the old software may no longer work, but it also cannot do any damage.
> With AMD, CPU detection is what matters, since no Spectre 1 patches are needed; with Intel it's one more sandbag against the flood. ...
Excuse me?
Since when are no Spectre 1 patches needed?
sjrothe
With AMD, always, since AMD CPUs are not affected by Spectre 1 but only by Spectre 2, with a comparatively very small attack vector.
The media confusion on the part of Intel, Samsung and co. is working wonderfully; why else would their hard-hit device lines only have to be pushed onto the public at a 20-30% rather than a 50-90% discount.
MagicEye04
AMD itself admits that they are affected by Spectre1.
https://www.amd.com/en/corporate/speculative-execution
> Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
> We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
> ... AMD CPUs are not affected by Spectre 1 ...
You're pretty much alone with that opinion.
> The media confusion ...
The only one who is confused here is you.
sjrothe
Oh sorry, I seem to have gotten the Spectre numbering mixed up myself.
> Oh sorry, I seem to have gotten the Spectre numbering mixed up myself.
And this insight only comes to you now?
You confused Spectre 1 with Meltdown.
TAL9000
The tool is now at v0.37+ and also checks for:
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
Code:
tal9000@TAL9002 ~ $ sudo sh spectre-meltdown-checker.sh
[sudo] password for tal9000:
Spectre and Meltdown mitigation detection tool v0.37+
Checking for vulnerabilities on current system
Kernel is Linux 4.4.0-127-generic #153~14.04.1-Ubuntu SMP Sat May 19 14:00:03 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU microcode is known to cause stability problems: NO (model 37 stepping 5 ucode 0x4 cpuid 0x20655)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
* Vulnerable to Variant 3a: YES
* Vulnerable to Variant 4: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: OSB (observable speculation barrier, Intel v6))
* Kernel has array_index_mask_nospec (x86): NO
* Kernel has the Red Hat/Ubuntu patch: YES
* Kernel has mask_nospec64 (arm): NO
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: NO
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline is mitigating the vulnerability)
IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
> How to fix: The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed.
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: NO (Vulnerable)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)
> How to fix: Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).
A false sense of security is worse than no security at all, see --disclaimer
RedBaron
- Ryzen 1800X
- Asus ROG Strix B350-F Gaming, UEFI Ver. 4011 vom 19.04.2018
- Ubuntu 18.04 LTS, Kernel 4.15.0-22
Code:
Spectre and Meltdown mitigation detection tool v0.37+
Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64
CPU is AMD Ryzen 7 1800X Eight-Core Processor
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* CPU indicates preferring IBRS always-on: NO
* CPU indicates preferring IBRS over retpoline: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* CPU indicates preferring STIBP always-on: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (AMD non-architectural MSR)
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU microcode is known to cause stability problems: NO (model 0x1 family 0x17 stepping 0x1 ucode 0x8001137 cpuid 0x800f11)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: NO
* Vulnerable to Variant 3a: NO
* Vulnerable to Variant 4: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec (x86): YES (1 occurrence(s) found of 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
Output of dmesg | grep microcode:
Code:
[ 0.857758] microcode: CPU0: patch_level=0x08001137
[ 0.857763] microcode: CPU1: patch_level=0x08001137
[ 0.857766] microcode: CPU2: patch_level=0x08001137
[ 0.857773] microcode: CPU3: patch_level=0x08001137
[ 0.857796] microcode: CPU4: patch_level=0x08001137
[ 0.857809] microcode: CPU5: patch_level=0x08001137
[ 0.857829] microcode: CPU6: patch_level=0x08001137
[ 0.857841] microcode: CPU7: patch_level=0x08001137
[ 0.857862] microcode: CPU8: patch_level=0x08001137
[ 0.857875] microcode: CPU9: patch_level=0x08001137
[ 0.857896] microcode: CPU10: patch_level=0x08001137
[ 0.857909] microcode: CPU11: patch_level=0x08001137
[ 0.857921] microcode: CPU12: patch_level=0x08001137
[ 0.857929] microcode: CPU13: patch_level=0x08001137
[ 0.857944] microcode: CPU14: patch_level=0x08001137
[ 0.857957] microcode: CPU15: patch_level=0x08001137
[ 0.857993] microcode: Microcode Update Driver: v2.2.
eratte
ASRock has released a BETA BIOS 2.0 with new microcode for the Z77E-ITX.
Mint 18.3
Spectre and Meltdown mitigation detection tool v0.37+
Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-45-generic #50~16.04.1-Ubuntu SMP Wed May 30 11:18:27 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU microcode is known to cause stability problems: NO (model 0x3a family 0x6 stepping 0x9 ucode 0x1f cpuid 0x306a9)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
* Vulnerable to Variant 3a: YES
* Vulnerable to Variant 4: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: OSB (observable speculation barrier, Intel v6))
* Kernel has array_index_mask_nospec (x86): NO
* Kernel has the Red Hat/Ubuntu patch: YES
* Kernel has mask_nospec64 (arm): NO
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB (Intel v4))
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
> How to fix: The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed.
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: NO (Vulnerable)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)
> How to fix: Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).
A false sense of security is worse than no security at all, see --disclaimer
TAL9000
1 year later:
Update to Linux Mint 19.1 with my old i3-540
intel-microcode 3.20180807a.0ubuntu0.18.04.1
Code:
Spectre and Meltdown mitigation detection tool v0.40
Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-43-generic #46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: YES
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x25 family 0x6 stepping 0x5 ucode 0x7 cpuid 0x20655)
* CPU microcode is the latest known available version: YES (latest version is 0x7 dated 2018/04/23 according to builtin MCExtractor DB v84 - 2018/09/27)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for kernel and firmware code)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: VMX: conditional cache flushes, SMT vulnerable
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
RedBaron
System data, read out with sudo inxi -F
Ubuntu 18.04.2 LTS with kernel 4.15.0-45 generic
AMD Ryzen 7 2700X with Asus ROG Strix B350-F Gaming, UEFI 4207 dated 7.12.2018
Code:
System: Host: workstation Kernel: 4.15.0-45-generic x86_64 bits: 64 Console: tty 1 Distro: Ubuntu 18.04.2 LTS
Machine: Device: desktop Mobo: ASUSTeK model: ROG STRIX B350-F GAMING v: Rev X.0x serial: 171114554600447
UEFI: American Megatrends v: 4207 date: 12/07/2018
CPU: 8 core AMD Ryzen 7 2700X Eight-Core (-MT-MCP-) cache: 4096 KB
clock speeds: max: 3700 MHz 1: 2058 MHz 2: 2036 MHz 3: 1982 MHz 4: 2051 MHz 5: 2074 MHz 6: 2050 MHz
7: 2054 MHz 8: 2062 MHz 9: 1967 MHz 10: 1920 MHz 11: 1909 MHz 12: 2032 MHz 13: 1915 MHz 14: 2030 MHz
15: 2194 MHz 16: 2193 MHz
Graphics: Card: Advanced Micro Devices [AMD/ATI] Ellesmere [Radeon Pro WX 5100]
Display Server: X.Org 1.19.6 driver: amdgpu Resolution: 1920x1080@60.00hz
OpenGL: renderer: AMD Radeon Pro WX 5100 Graphics (POLARIS10, DRM 3.23.0, 4.15.0-45-generic, LLVM 7.0.0)
version: 4.5 Mesa 18.2.2
Audio: Card-1 Advanced Micro Devices [AMD] Family 17h (Models 00h-0fh) HD Audio Controller
driver: snd_hda_intel
Card-2 Advanced Micro Devices [AMD/ATI] Ellesmere HDMI Audio [Radeon RX 470/480 / 570/580/590]
driver: snd_hda_intel
Sound: Advanced Linux Sound Architecture v: k4.15.0-45-generic
Network: Card: Intel I211 Gigabit Network Connection driver: igb
IF: enp4s0 state: up speed: 1000 Mbps duplex: full mac: 2c:fd:a1:bc:cb:a3
Drives: HDD Total Size: 5379.1GB (2.5% used)
ID-1: /dev/nvme0n1 model: Samsung_SSD_970_EVO_1TB size: 1000.2GB
ID-2: /dev/sda model: Crucial_CT250MX2 size: 250.1GB
ID-3: /dev/sdb model: SanDisk_SDSSDP12 size: 128.0GB
ID-4: /dev/sdc model: ST4000DX001 size: 4000.8GB
Partition: ID-1: / size: 209G used: 11G (6%) fs: ext4 dev: /dev/nvme0n1p5
ID-2: /home size: 229G used: 2.1G (1%) fs: ext4 dev: /dev/sda1
ID-3: swap-1 size: 128.03GB used: 0.00GB (0%) fs: swap dev: /dev/sdb1
RAID: No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors: System Temperatures: cpu: 26.0C mobo: N/A gpu: 36.0
Fan Speeds (in rpm): cpu: 0
Info: Processes: 379 Uptime: 12 min Memory: 1866.5/32167.7MB Client: Shell (sudo) inxi: 2.3.56
Code:
user@computer:~$ sudo sh spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.40
Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64
CPU is AMD Ryzen 7 2700X Eight-Core Processor
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* CPU indicates preferring IBRS always-on: NO
* CPU indicates preferring IBRS over retpoline: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* CPU indicates preferring STIBP always-on: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (AMD non-architectural MSR)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: NO
* CPU indicates L1D flush capability: NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x8 family 0x17 stepping 0x2 ucode 0x800820b cpuid 0x800f82)
* CPU microcode is the latest known available version: YES (latest version is 0x800820b dated 2018/06/20 according to builtin MCExtractor DB v96 - 2019/01/15)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface:
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: N/A (the kvm_intel module is not loaded)
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
* L1D flush enabled: UNKNOWN (unrecognized mode)
* Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
TAL9000
New vulnerabilities, a new version of the checker tool, and vulnerable again
CPU Intel Core i5-660 on Intel DH55TC, BIOS date: 12/06/2011, Linux Mint 19.1 Tessa with kernel 4.15.0-52-generic and intel-microcode 3.20190618.0ubuntu0.18.04.1
Queried with
Code:
sudo lshw -C cpu
Code:
sudo dmidecode | grep -A3 'BIOS Information'
Code:
lsb_release -a
Code:
uname -rm
Code:
dpkg-query -W intel-microcode
Spectre and Meltdown mitigation detection tool v0.42 wrote:
Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-52-generic #56-Ubuntu SMP Tue Jun 4 22:49:08 UTC 2019 x86_64
CPU is Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: YES
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Microarchitecture Data Sampling
* VERW instruction is available: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x25 family 0x6 stepping 0x5 ucode 0x7 cpuid 0x20655)
* CPU microcode is the latest known available version: YES (latest version is 0x7 dated 2018/04/23 according to builtin MCExtractor DB v112 - 2019/05/22)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
* Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
* Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
* Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
* Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (ModemManager systemd-journald systemd-logind systemd-resolved systemd-udevd)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
Peet007
This is what it looks like on Zen 1
Everything seems to be OK, only the microcode is shown as "not up to date".
Code:
Checking for vulnerabilities on current system
Kernel is Linux 5.0.19-19.05.27.amdgpu.ubuntu #1 SMP Mon May 27 08:23:24 CEST 2019 x86_64
CPU is AMD Ryzen 7 1700X Eight-Core Processor
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* CPU indicates preferring IBRS always-on: NO
* CPU indicates preferring IBRS over retpoline: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* CPU indicates preferring STIBP always-on: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (AMD non-architectural MSR)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: NO
* CPU indicates L1D flush capability: NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x1 family 0x17 stepping 0x1 ucode 0x8001137 cpuid 0x800f11)
* CPU microcode is the latest known available version: NO (latest version is 0x8001138 dated 2019/02/04 according to builtin MCExtractor DB v112 - 2019/05/22)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
* Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
* Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
* Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
* Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (ModemManager systemd-journald systemd-logind systemd-resolved systemd-timesyncd systemd-udevd waterfox)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Not affected
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: N/A (the kvm_intel module is not loaded)
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
* L1D flush enabled: NO
* Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK
tomturbo
Arch Linux
Kernel 5.1.12-arch1-1-ARCH
Everything seems to be fine
Code:
Checking for vulnerabilities on current system
Kernel is Linux 5.1.12-arch1-1-ARCH #1 SMP PREEMPT Wed Jun 19 09:16:00 UTC 2019 x86_64
CPU is AMD FX-8320E Eight-Core Processor
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* CPU indicates preferring IBRS always-on: NO
* CPU indicates preferring IBRS over retpoline: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* CPU indicates preferring STIBP always-on: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (AMD non-architectural MSR)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: NO
* CPU indicates L1D flush capability: NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x2 family 0x15 stepping 0x0 ucode 0x6000852 cpuid 0x600f20)
* CPU microcode is the latest known available version: YES (latest version is 0x6000852 dated 2018/02/06 according to builtin MCExtractor DB v112 - 2019/05/22)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
* Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
* Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
* Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
* Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (firefox systemd-journald systemd-logind systemd-udevd upowerd)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Not affected
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: N/A (the kvm_intel module is not loaded)
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
* L1D flush enabled: NO
* Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-36
TAL9000
Checked again out of curiosity, on a new platform:
Intel Core i5-2400 CPU @ 3.10GHz
Intel DH67GD BLKDH67GDBLH6710H.86A.0163.2018.1023.1559 Release Date: 10/23/2018
Linux Mint 19.3 Tricia 5.3.0-53-generic x86_64
intel-microcode 3.20191115.1ubuntu0.18.04.2
Spectre and Meltdown mitigation detection tool v0.43 wrote:
Checking for vulnerabilities on current system
Kernel is Linux 5.3.0-53-generic #47~18.04.1-Ubuntu SMP Thu May 7 13:10:50 UTC 2020 x86_64
CPU is Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: YES
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Microarchitectural Data Sampling
* VERW instruction is available: YES (MD_CLEAR feature bit)
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
* CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
* CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
* CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
* CPU supports Transactional Synchronization Extensions (TSX): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (family 0x6 model 0x2a stepping 0x7 ucode 0x2f cpuid 0x206a7)
* CPU microcode is the latest known available version: YES (latest version is 0x2f dated 2019/02/17 according to builtin firmwares DB v135.20200303+i20200205)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
* Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
* Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
* Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
* Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
* Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
* Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
* Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715 aka Spectre Variant 2, branch target injection
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 aka Variant 3a, rogue system register read
* CPU microcode mitigates the vulnerability: YES
STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka Variant 4, speculative store bypass
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (firefox ModemManager systemd-journald systemd-logind systemd-resolved systemd-udevd)
STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
* CPU microcode mitigates the vulnerability: N/A
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
* Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: NO
STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
* Mitigated according to the /sys interface: YES (Not affected)
* TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
* TAA mitigation enabled and active: NO
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
* Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
* This system is a host running a hypervisor: NO
* iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
* iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
STATUS: NOT VULNERABLE (this system is not running a hypervisor)
SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
RedBaron
System data:
redbaron@redbaron-linux-pc:~$ dmesg | grep microcode
[14556.602044] microcode: CPU1: patch_level=0x08701021
Tested after the latest UEFI update:
redbaron@redbaron-linux-pc:~$ sudo -H inxi -F
System: Host: andreas-linux-pc Kernel: 5.11.0-22-generic x86_64 bits: 64 Desktop: Cinnamon 4.8.6
Distro: Linux Mint 20.1 Ulyssa
Machine: Type: Desktop Mobo: ASUSTeK model: PRIME B450-PLUS v: Rev X.0x serial: 180731568306494 UEFI: American Megatrends
v: 3202 date: 06/16/2021
CPU: Topology: 12-Core model: AMD Ryzen 9 3900X bits: 64 type: MT MCP L2 cache: 6144 KiB
Speed: 2196 MHz min/max: 2200/3800 MHz Core speeds (MHz): 1: 2200 2: 2200 3: 2199 4: 2199 5: 2200 6: 2199 7: 2167
8: 1865 9: 1865 10: 2440 11: 2197 12: 2195 13: 2200 14: 2212 15: 2199 16: 2199 17: 2199 18: 2199 19: 2200 20: 2198
21: 2200 22: 2195 23: 2196 24: 2201
Graphics: Device-1: Advanced Micro Devices [AMD/ATI] Ellesmere [Radeon Pro WX 5100] driver: amdgpu v: kernel
Display: server: X.Org 1.20.9 driver: amdgpu,ati unloaded: fbdev,modesetting,vesa resolution: 1920x1080~60Hz
OpenGL: renderer: AMD Radeon Pro WX 5100 Graphics (POLARIS10 DRM 3.40.0 5.11.0-22-generic LLVM 12.0.0)
v: 4.6 Mesa 21.1.2 - kisak-mesa PPA
Audio: Device-1: AMD Ellesmere HDMI Audio [Radeon RX 470/480 / 570/580/590] driver: snd_hda_intel
Device-2: Advanced Micro Devices [AMD] Starship/Matisse HD Audio driver: snd_hda_intel
Device-3: Logitech Webcam C270 type: USB driver: snd-usb-audio,uvcvideo
Sound Server: ALSA v: k5.11.0-22-generic
Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet driver: r8169
IF: enp4s0 state: up speed: 1000 Mbps duplex: full mac: 0c:9d:92:79:5b:0a
Drives: Local Storage: total: 4.89 TiB used: 302.70 GiB (6.0%)
ID-1: /dev/nvme0n1 vendor: Samsung model: SSD 970 EVO 1TB size: 931.51 GiB
ID-2: /dev/sda vendor: Seagate model: ST4000DX001-1CE168 size: 3.64 TiB
ID-3: /dev/sdb vendor: Crucial model: CT250MX200SSD1 size: 232.89 GiB
ID-4: /dev/sdc vendor: SanDisk model: SDSSDP128G size: 119.24 GiB
Partition: ID-1: / size: 114.11 GiB used: 18.06 GiB (15.8%) fs: ext4 dev: /dev/nvme0n1p4
ID-2: /home size: 228.23 GiB used: 41.52 GiB (18.2%) fs: ext4 dev: /dev/sdb1
ID-3: swap-1 size: 119.23 GiB used: 0 KiB (0.0%) fs: swap dev: /dev/sdc2
Sensors: System Temperatures: cpu: 36.8 C mobo: N/A gpu: amdgpu temp: 58 C
Fan Speeds (RPM): N/A gpu: amdgpu fan: 1185
Info: Processes: 419 Uptime: 16h 25m Memory: 62.79 GiB used: 6.75 GiB (10.7%) Shell: bash inxi: 3.0.38
Spectre and Meltdown mitigation detection tool v0.44+
Checking for vulnerabilities on current system
Kernel is Linux 5.11.0-22-generic #23~20.04.1-Ubuntu SMP Thu Jun 17 12:51:00 UTC 2021 x86_64
CPU is AMD Ryzen 9 3900X 12-Core Processor
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: NO
* CPU indicates preferring IBRS always-on: NO
* CPU indicates preferring IBRS over retpoline: YES
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (AMD STIBP feature bit)
* CPU indicates preferring STIBP always-on: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (AMD SSBD in SPEC_CTRL)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: NO
* CPU indicates L1D flush capability: NO
* CPU supports Transactional Synchronization Extensions (TSX): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU supports Special Register Buffer Data Sampling (SRBDS): NO
* CPU microcode is known to cause stability problems: NO (family 0x17 model 0x71 stepping 0x0 ucode 0x8701021 cpuid 0x870f10)
* CPU microcode is the latest known available version: YES (latest version is 0x8701021 dated 2020/01/25 according to builtin firmwares DB v191+i20210217)
* CPU vulnerability to the speculative execution attack variants
* Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
* Affected by CVE-2018-3640 (Variant 3a, rogue system register read): NO
* Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
* Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
* Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
* Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
* Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
* Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
* Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
* Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
* Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
* Kernel has array_index_nospec (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: conditional, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
* Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (firefox geoclue irqbalance ModemManager pulseaudio systemd-journald systemd-logind systemd-resolved systemd-timesyncd systemd-udevd upowerd)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Not affected
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: N/A (the kvm_intel module is not loaded)
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
* L1D flush enabled: NO
* Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
* Mitigated according to the /sys interface: YES (Not affected)
* TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
* TAA mitigation enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
* Mitigated according to the /sys interface: YES (Not affected)
* This system is a host running a hypervisor: NO
* iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
* iTLB Multihit mitigation enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
* SRBDS mitigation control is enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
TAL9000
CPU upgrade from i5-2400 to i5-3470
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
* SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
* SRBDS mitigation control is enabled and active: NO
> STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability)
The microcode is actually up to date...
Spectre and Meltdown mitigation detection tool v0.45
Checking for vulnerabilities on current system
Kernel is Linux 5.4.0-137-generic #154-Ubuntu SMP Thu Jan 5 17:03:22 UTC 2023 x86_64
CPU is Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Microarchitectural Data Sampling
* VERW instruction is available: YES (MD_CLEAR feature bit)
* Indirect Branch Predictor Controls
* Indirect Predictor Disable feature is available: NO
* Bottomless RSB Disable feature is available: NO
* BHB-Focused Indirect Predictor Disable feature is available: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being affected by Meltdown/L1TF (RDCL_NO): NO
* CPU explicitly indicates not being affected by Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be affected by RSB underflow (RSBA): NO
* CPU explicitly indicates not being affected by Microarchitectural Data Sampling (MDS_NO): NO
* CPU explicitly indicates not being affected by TSX Asynchronous Abort (TAA_NO): NO
* CPU explicitly indicates not being affected by iTLB Multihit (PSCHANGE_MSC_NO): NO
* CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
* CPU supports Transactional Synchronization Extensions (TSX): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU supports Special Register Buffer Data Sampling (SRBDS): NO
* CPU microcode is known to cause stability problems: NO (family 0x6 model 0x3a stepping 0x9 ucode 0x21 cpuid 0x306a9)
* CPU microcode is the latest known available version: YES (latest version is 0x21 dated 2019/02/13 according to builtin firmwares DB v222+i20220208)
* CPU vulnerability to the speculative execution attack variants
* Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
* Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
* Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
* Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
* Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
* Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
* Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
* Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): YES
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
* Kernel has array_index_nospec (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (firefox-bin irqbalance ModemManager pulseaudio systemd-journald systemd-logind systemd-resolved systemd-udevd upowerd)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: NO
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
* Mitigated according to the /sys interface: YES (Not affected)
* TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
* TAA mitigation enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
* Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
* This system is a host running a hypervisor: NO
* iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
* iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
* SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
* SRBDS mitigation control is enabled and active: NO
> STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:KO
Checking for vulnerabilities on current system
Kernel is Linux 5.4.0-137-generic #154-Ubuntu SMP Thu Jan 5 17:03:22 UTC 2023 x86_64
CPU is Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Microarchitectural Data Sampling
* VERW instruction is available: YES (MD_CLEAR feature bit)
* Indirect Branch Predictor Controls
* Indirect Predictor Disable feature is available: NO
* Bottomless RSB Disable feature is available: NO
* BHB-Focused Indirect Predictor Disable feature is available: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being affected by Meltdown/L1TF (RDCL_NO): NO
* CPU explicitly indicates not being affected by Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be affected by RSB underflow (RSBA): NO
* CPU explicitly indicates not being affected by Microarchitectural Data Sampling (MDS_NO): NO
* CPU explicitly indicates not being affected by TSX Asynchronous Abort (TAA_NO): NO
* CPU explicitly indicates not being affected by iTLB Multihit (PSCHANGE_MSC_NO): NO
* CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
* CPU supports Transactional Synchronization Extensions (TSX): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU supports Special Register Buffer Data Sampling (SRBDS): NO
* CPU microcode is known to cause stability problems: NO (family 0x6 model 0x3a stepping 0x9 ucode 0x21 cpuid 0x306a9)
* CPU microcode is the latest known available version: YES (latest version is 0x21 dated 2019/02/13 according to builtin firmwares DB v222+i20220208)
* CPU vulnerability to the speculative execution attack variants
* Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
* Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
* Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
* Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
* Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
* Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
* Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
* Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): YES
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
* Kernel has array_index_nospec (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (firefox-bin irqbalance ModemManager pulseaudio systemd-journald systemd-logind systemd-resolved systemd-udevd upowerd)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: NO
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: YES
> STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
* Mitigated according to the /sys interface: YES (Not affected)
* TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
* TAA mitigation enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
* Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
* This system is a host running a hypervisor: NO
* iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
* iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
* SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
* SRBDS mitigation control is enabled and active: NO
> STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:KO
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
* SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
* SRBDS mitigation control is enabled and active: NO
> STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability)
The microcode is actually up to date...