Seite 3 von 3 ErsteErste 123
Ergebnis 51 bis 71 von 71
  1. Beitrag #51
    Admiral
    Special
    Admiral
    Avatar von RedBaron
    • Mein System
      Notebook
      Modell: Toshiba WD30Dt-A100, AMD A1200 APU 1GHz, Win 10 Home x64 1809, 4 GB RAM DDR3 1066 MHz, 500 GB WD-HDD
      Desktopsystem
      Prozessor: AMD Ryzen 7 2700X - 3.7 GHz @ Standard
      Mainboard: Asus ROG STRIX B350-F Gaming UEFI Ver. 4801
      Kühlung: CPU: Arctic-Cooling Liquid Freezer 240, Gehäuse: 1 Pure Wings 2 140mm, 1 Pure Wings 2 120mm
      Arbeitsspeicher: 32 GiB Crucial DDR4 @2400 MHz ECC CL17 CT16G4XFD824A
      Grafikkarte: AMD Radeon Pro WX 5100, 8 GB
      Display: 24 Zoll XORO HTL2335HD 1920*1080p 60Hz
      SSD(s): Samsung 970 EVO 1 TB, Crucial MX200 256 GB, SanDisk SDSSDP128GS 128 GB
      Festplatte(n): Seagate ST4000DX001 SSHD 4TB, Intenso 4TB USB 3.0 extern
      Optische Laufwerke: LG Electronics BH16NS40 Blu-ray Disc Writer
      Soundkarte: Realtek ALC 1220 Onboard
      Gehäuse: Be Quiet Silent Base 600 gedämmt
      Netzteil: Be Quiet Straight Power E8 580W 80+ Gold
      Betriebssystem(e): Ubuntu 19.04 x64, Windows 10 Pro Ver. 1809 x64
      Browser: Firefox 67 , Internet Explorer 11, MS Edge
      Sonstiges: 3D Connexion SpaceNavigator, HP Color LaserJet Pro MFP M181fw, Fritzbox 7412, Creative i-Trigue 330

    Registriert seit
    23.08.2006
    Beiträge
    1.090
    Danke Danke gesagt 
    316
    Danke Danke erhalten 
    10
    -Ubuntu 16.04.3 LTS x64
    -Kernel 4.13.0-36 generic
    -Ryzen 7 1800X, B350 Chipsatz

    Spectre and Meltdown mitigation detection tool v0.35

    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64
    CPU is AMD Ryzen 7 1800X Eight-Core Processor

    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
    * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates IBRS capability: NO
    * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available: NO
    * CPU indicates IBPB capability: NO
    * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates STIBP capability: NO
    * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability: NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
    * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
    * CPU microcode is known to cause stability problems: NO
    * CPU vulnerability to the three speculative execution attacks variants
    * Vulnerable to Variant 1: YES
    * Vulnerable to Variant 2: YES
    * Vulnerable to Variant 3: NO

    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec: NO
    * Kernel has the Red Hat/Ubuntu patch: YES
    > STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))

    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
    * Mitigation 1
    * Kernel is compiled with IBRS/IBPB support: YES
    * Currently enabled features
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * IBPB enabled: NO
    * Mitigation 2
    * Kernel compiled with retpoline option: YES
    * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
    > STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline)

    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface: YES (kernel confirms that your CPU is unaffected)
    * Kernel supports Page Table Isolation (PTI): YES
    * PTI enabled and active: NO
    * Running as a Xen PV DomU: NO
    > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

  2. Beitrag #52
    Grand Admiral
    Special
    Grand Admiral
    Avatar von MagicEye04
    • Mein System
      Notebook
      Modell: Thinkpad Edge E325
      Desktopsystem
      Prozessor: R7-1700 (3G6@1,22V) - FX-8350 (3G4@1,15V)
      Mainboard: Asus Prime B350M-A - Asus M5A97 EVO R2.0
      Kühlung: TR Macho - TT BigTyphoon
      Arbeitsspeicher: 2x8GiB Corsair LPX2400C14 - 2x8GiB DDR3-1600 G.E.I.L.
      Grafikkarte: Radeon VII - GTX1050ti
      Display: 61cm LG M2452D-PZ - 50cm Philips 200W
      SSD(s): Crucial MX300-275GB - Samsung 840pro 128GB
      Festplatte(n): Seagate 7200.14 2TB - Seagate 7200.12 1TB (jeweils eSATAp)
      Optische Laufwerke: 2x LG DVDRAM GH24NS90
      Soundkarte: onboard
      Gehäuse: Nanoxia Deep Silence1 - Sharkoon Rebel 9
      Netzteil: BeQuiet StraightPower 10 400W - E9 400W
      Betriebssystem(e): Ubuntu
      Browser: Feuerfuchs
      Sonstiges: 5x Nanoxia Lüfter (120/140mm) Festplatten in Bitumenbox
    • Mein DC

      MagicEye04 beim Distributed Computing

      Aktuelle Projekte: Seti,WCG,Einstein + was gerade Hilfe braucht
      Lieblingsprojekt: Seti
      Rechner: R7-1700+GTX970, FX-8350+GTX750ti, X4-5350+GT1030, X4-945, E-350
      Mitglied der Kavallerie: Nein
      BOINC-Statistiken:

    Registriert seit
    20.03.2006
    Ort
    oops,wrong.planet..
    Beiträge
    9.288
    Danke Danke gesagt 
    32
    Danke Danke erhalten 
    5
    Sieht bei mir exakt genau so aus wie beim Roten Baron. 3x grün.
    Nur dass es bei mir Ubuntu17.10 ist und nur ein 1700er Ryzen.
    Mal schauen, ob die alten Kisten auch bei Zeiten automatisch einen neuen Kernel bekommen.

    Edit: Der Athlon5350 sieht jetzt auch gut aus mit Linux 4.4.0-116-generic #140 - ebenfalls 3x grün.
    Geändert von MagicEye04 (22.02.2018 um 21:55 Uhr)
    _____________________________________________________________________
    >> Mitglied im Verein gegen den im P3D-Forum herrschenden Netzteilleistungs-Wahn VgP3DhNlW <<

  3. Beitrag #53
    Themenstarter
    Grand Admiral
    Special
    Grand Admiral
    Avatar von TAL9000
    • Mein System
      Notebook
      Modell: Packard Bell EasyNote TS11-HR-138GE
      Desktopsystem
      Prozessor: AMD Ryzen 7 1700X // Intel Core i5-2500 // i3-540
      Mainboard: MSI B350 PC Mate // Fujitsu D2990-A14 // Intel DH55TC
      Kühlung: Arctic Liquid Freezer 240 + 2x SilverStone FW121 // EKL V26898-B963-V2 // Intel Boxed S115x
      Arbeitsspeicher: 2x16GB G.Skill DDR4-3200 // 2x2GB Kingston DDR3-1333 // 2x2GB elixir DDR3-1600
      Grafikkarte: Gigabyte Aorus RX 580 8GD5 // HIS Radeon RX 460 iCooler 2GB // OnCPU Intel GMA HD Graphics
      Display: 26" iiyama ProLite E2607WS-1 1920x1200
      SSD(s): Samsung SSM 850 EVO 250GB // SK Hynix Canvas SL308 250GB // OCZ Trion 150 120GB
      Festplatte(n): Samsung HD154UI 1,5TB // Western Digital Caviar Blue 640GB // Seagate Barracuda 7200.11 500GB
      Optische Laufwerke: - // Samsung TS-H653J // LG GH20NS15
      Soundkarte: OnBoard
      Gehäuse: Enermax iVektor schwarz // Esprimo P400 // TFX Desktop
      Netzteil: be quiet! Dark Power Pro 11 650W // be quiet! S6-SYS-UA-350W // Seasonic SS-250TFX
      Betriebssystem(e): Win10pro x64 // Win7pro x64 // Ubuntu 18.04 XFCE (Mint 19.1)
      Browser: Firefox
      Sonstiges: Danke thorsam KVM ATEN CS1764 4-fach Desktop USV APC BR900GI NAS QNAP TS431+TS431P2-4G je 4x4TB
    • Mein DC

      TAL9000 beim Distributed Computing

      Aktuelle Projekte: was halt so geht
      Lieblingsprojekt: SIMAP
      Rechner: CPU Intel Xeon X3220+X3460+X3470+i5-750+Q9550 GPU Radeon HD 5770+6770+5830+2x 5850+2x RX560
      Mitglied der Kavallerie: Ja
      BOINC-Statistiken:
      Folding@Home-Statistiken:

    Registriert seit
    20.03.2007
    Ort
    nähe Giessen
    Beiträge
    3.564
    Danke Danke gesagt 
    232
    Danke Danke erhalten 
    112
    neue Version 0.35 sowie weiterhin das "alte" Microcodeupdate 3.20180108.0+really20170707ubuntu14.04.1
    CPU Intel Core i3-540 auf Intel DH55TC, Mint 17.3 mit Kernel 4.4.0-116

    Spoiler


    Nun ist auch Spectre V2 nicht mehr relevant für dieses System.

    Schön das, mal den Laptop aufbauen und schauen ob es an der 32Bit Front auch was neues gibt...

    --- Update ---

    Ein Lichtblick:

    CPU Intel Pentium Dual Core T2080 im Toshiba Satelite A200-1CC, Mint 18.3 mit Kernel 4.13.0-36-generic #40 (32bit/i686)

    Code:
    Spectre and Meltdown mitigation detection tool v0.35
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:26:51 UTC 2018 i686
    CPU is Genuine Intel(R) CPU           T2080  @ 1.73GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 14 stepping 12 ucode 0x5b)
    * CPU vulnerability to the three speculative execution attacks variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO 
    * Kernel has the Red Hat/Ubuntu patch:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES 
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO 
        * IBRS enabled for User space:  NO 
        * IBPB enabled:  NO 
    * Mitigation 2
      * Kernel compiled with retpoline option:  YES 
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
    * Kernel supports Page Table Isolation (PTI):  NO 
    * PTI enabled and active:  NO 
    * Running as a Xen PV DomU:  NO 
    > STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
    
    A false sense of security is worse than no security at all, see --disclaimer
    2 von 3 ist schon mal besser als 0 von 3, auch wenn ich lieber Meltdown als gesichert gesehen hätte
    Warum ich bei Seti@home raus bin? Wir finden schon auf der Erde keine Intelligenz, und da werden wir auch keine außerhalb finden

  4. Beitrag #54
    Grand Admiral
    Special
    Grand Admiral
    Avatar von eratte
    • Mein System
      Notebook
      Modell: HP PAVILION 14-dk0002ng
      Desktopsystem
      Prozessor: Ryzen R7 2700x
      Mainboard: ASUS ROG Strix X470-F Gaming
      Kühlung: be quiet! Dark Rock Pro 4
      Arbeitsspeicher: 2 x 16 GB G.Skill RipJaws F4-3200C16-16GVK
      Grafikkarte: MSI GTX 1080 Gaming X 8G
      Display: S27A850D 2560x1440 / U2412M 1920x1200
      SSD(s): Samsung 960 Pro 512 und Cruical MX200 500
      Optische Laufwerke: LG BH10LS30 Blu-Ray Brenner
      Soundkarte: Onboard
      Gehäuse: Lian Li PC-A51 Schwarz
      Netzteil: Seasonic Platinum 860 (80+ Platinum)
      Betriebssystem(e): Windows 10 Pro 64
      Browser: Firefox
      Sonstiges: 3 x NF-S12A u. 2 x NF-P12 Noctua Lüfter. Corsair K70, Steelseries Rival 300, Plantronics 780 HS.
    • Mein DC

      eratte beim Distributed Computing

      Aktuelle Projekte: YoYo, Collatz
      Lieblingsprojekt: YoYo
      Rechner: i7-980x - Rest nach Bedarf und Laune
      Mitglied der Kavallerie: Ja
      BOINC-Statistiken:

    Registriert seit
    11.11.2001
    Ort
    Rheinberg / NRW
    Beiträge
    9.316
    Danke Danke gesagt 
    92
    Danke Danke erhalten 
    597
    Linux Mint 18.3 auf i3450/Z77:

    Spectre and Meltdown mitigation detection tool v0.30

    Checking for vulnerabilities against running kernel Linux 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz

    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
    > STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))

    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
    > STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
    > STATUS: NOT VULNERABLE (Mitigation: PTI)

    A false sense of security is worse than no security at all, see --disclaimer
    PC1: R7 2700x & Wraith Prism, Strix X470-F Gaming, 32 GB G.Skill RipJaws DDR4-3200 CL16, GTX 1080 Gaming X 8G, SSD 960 Pro 512, MX200 500 & BD/DVD Brenner, Seasonic Platinum 860, Lian Li PC-A51. Win10 Pro 64.
    PC2: R7 1700x & NH-D14, Crosshair 6 Hero, 16 GB G.Skill Trident Z DDR4-3200 CL14, RX 480 Gaming X 8G, SSD 950 Pro 512, 840 Pro 256 & BD/DVD Brenner, Seasonic Platinum 660, Lian Li PC-V700. Win10 Pro 64.
    Server: Xeon E3-1245 V2 & NH-C12P SE14, P8H77-M Pro, 16 GB G.Skill DDR3-1600, SSD 830 128, 4 x 3 TB WD Red HDD, Seasonic X-Series X-400FL, Lian Li PC-V600. Server 2008 R2 64
    HTPC: I5-6500 & NH-L12, H170M-E D3, 8 GB G.Skill DDR3-1600, SSD SM951 256 & BD/DVD Brenner, Seasonic G-Series 360G, Lian Li PC-C50, Win8.1 Pro 64

  5. Beitrag #55
    Grand Admiral
    Special
    Grand Admiral
    Avatar von MagicEye04
    • Mein System
      Notebook
      Modell: Thinkpad Edge E325
      Desktopsystem
      Prozessor: R7-1700 (3G6@1,22V) - FX-8350 (3G4@1,15V)
      Mainboard: Asus Prime B350M-A - Asus M5A97 EVO R2.0
      Kühlung: TR Macho - TT BigTyphoon
      Arbeitsspeicher: 2x8GiB Corsair LPX2400C14 - 2x8GiB DDR3-1600 G.E.I.L.
      Grafikkarte: Radeon VII - GTX1050ti
      Display: 61cm LG M2452D-PZ - 50cm Philips 200W
      SSD(s): Crucial MX300-275GB - Samsung 840pro 128GB
      Festplatte(n): Seagate 7200.14 2TB - Seagate 7200.12 1TB (jeweils eSATAp)
      Optische Laufwerke: 2x LG DVDRAM GH24NS90
      Soundkarte: onboard
      Gehäuse: Nanoxia Deep Silence1 - Sharkoon Rebel 9
      Netzteil: BeQuiet StraightPower 10 400W - E9 400W
      Betriebssystem(e): Ubuntu
      Browser: Feuerfuchs
      Sonstiges: 5x Nanoxia Lüfter (120/140mm) Festplatten in Bitumenbox
    • Mein DC

      MagicEye04 beim Distributed Computing

      Aktuelle Projekte: Seti,WCG,Einstein + was gerade Hilfe braucht
      Lieblingsprojekt: Seti
      Rechner: R7-1700+GTX970, FX-8350+GTX750ti, X4-5350+GT1030, X4-945, E-350
      Mitglied der Kavallerie: Nein
      BOINC-Statistiken:

    Registriert seit
    20.03.2006
    Ort
    oops,wrong.planet..
    Beiträge
    9.288
    Danke Danke gesagt 
    32
    Danke Danke erhalten 
    5
    Hat zufällig Jemand Benchmarks vor und nach den Kernel-Patches gemacht, um zu schauen, ob die Performance vielleicht leidet?
    Ich hab es leider vorher nicht gemacht und habe nun das GEFÜHL, dass Boinc etwas langsamer rechnet.
    _____________________________________________________________________
    >> Mitglied im Verein gegen den im P3D-Forum herrschenden Netzteilleistungs-Wahn VgP3DhNlW <<

  6. Beitrag #56
    Grand Admiral
    Special
    Grand Admiral
    Avatar von MagicEye04
    • Mein System
      Notebook
      Modell: Thinkpad Edge E325
      Desktopsystem
      Prozessor: R7-1700 (3G6@1,22V) - FX-8350 (3G4@1,15V)
      Mainboard: Asus Prime B350M-A - Asus M5A97 EVO R2.0
      Kühlung: TR Macho - TT BigTyphoon
      Arbeitsspeicher: 2x8GiB Corsair LPX2400C14 - 2x8GiB DDR3-1600 G.E.I.L.
      Grafikkarte: Radeon VII - GTX1050ti
      Display: 61cm LG M2452D-PZ - 50cm Philips 200W
      SSD(s): Crucial MX300-275GB - Samsung 840pro 128GB
      Festplatte(n): Seagate 7200.14 2TB - Seagate 7200.12 1TB (jeweils eSATAp)
      Optische Laufwerke: 2x LG DVDRAM GH24NS90
      Soundkarte: onboard
      Gehäuse: Nanoxia Deep Silence1 - Sharkoon Rebel 9
      Netzteil: BeQuiet StraightPower 10 400W - E9 400W
      Betriebssystem(e): Ubuntu
      Browser: Feuerfuchs
      Sonstiges: 5x Nanoxia Lüfter (120/140mm) Festplatten in Bitumenbox
    • Mein DC

      MagicEye04 beim Distributed Computing

      Aktuelle Projekte: Seti,WCG,Einstein + was gerade Hilfe braucht
      Lieblingsprojekt: Seti
      Rechner: R7-1700+GTX970, FX-8350+GTX750ti, X4-5350+GT1030, X4-945, E-350
      Mitglied der Kavallerie: Nein
      BOINC-Statistiken:

    Registriert seit
    20.03.2006
    Ort
    oops,wrong.planet..
    Beiträge
    9.288
    Danke Danke gesagt 
    32
    Danke Danke erhalten 
    5
    Blöde Frage: was bringt mir denn eigentlich ein gepatchter Kernel? (Spectre1)
    Ich hab gerade gelesen, dass Anwendungen, die nicht gepatcht wären, dann trotzdem den Bug ausnutzen können.
    Welchen Sinn macht dann ein Kernel-Patch? Eine Schadsoftware würde ja dann selbstverständlich ungepatcht bleiben. :/
    _____________________________________________________________________
    >> Mitglied im Verein gegen den im P3D-Forum herrschenden Netzteilleistungs-Wahn VgP3DhNlW <<

  7. Beitrag #57
    Vice Admiral
    Special
    Vice Admiral
    Avatar von sjrothe
    • Mein System
      Notebook
      Modell: HP ProBook 655 G1 FHD AMD A8-5550 16GB // E7222 (HM76 16GB i7 3610QM SSD+M9T)
      Desktopsystem
      Prozessor: Opteron 3280 // XEON E3-1270
      Mainboard: Fujitsu //Asrock Z68 Extreme3 Gen3
      Kühlung: Stock// Thermalright AXP-200 Muscle - passte gerade so...
      Arbeitsspeicher: 2x 8GB DDR3-1600 // 4x 8GB DDR3-1600
      Grafikkarte: GT520 1GB // MSI RX570 8GB
      Display: HP 2309m + IBM 19er + Samtron 75G
      SSD(s): Crucial MX500, MX300 und M500
      Festplatte(n): Hitachi, Toshiba, Samsung, WD aber von Seagate nur ne SSHD
      Optische Laufwerke: - // Pioneer DVR-220, LG CH08LS10 Blu-ray SuperMulti liest nur noch BluRay
      Gehäuse: Fujitsu MX130 S2 // LIAN LI PC-7FN
      Netzteil: Fujisu 250W // TruePowerNew TP550, DANKE ANTEC
      Betriebssystem(e): Windows 7 x64 und besser also Linux ;-)
      Browser: Firefox + Chromium + Opera
      Sonstiges: XBOX360 Controller+ HD-DVD-ROM 386DX+387,Compaq 486 SX2, Toshiba Sat.220CS, Vobis Pentium Pro

    Registriert seit
    19.06.2002
    Ort
    Dresden
    Beiträge
    505
    Danke Danke gesagt 
    34
    Danke Danke erhalten 
    30
    Blog-Einträge
    1
    Zitat Zitat von MagicEye04 Beitrag anzeigen
    Blöde Frage: was bringt mir denn eigentlich ein gepatchter Kernel? (Spectre1)
    Ich hab gerade gelesen, dass Anwendungen, die nicht gepatcht wären, dann trotzdem den Bug ausnutzen können.
    Welchen Sinn macht dann ein Kernel-Patch? Eine Schadsoftware würde ja dann selbstverständlich ungepatcht bleiben. :/
    Bei AMD ist die CPU Erkennung entscheidend, da keine Spectre 1 Patches benötigt werden, bei Intel ist's ein weiterer Sandsack gegen die Flut.
    Ganz genau, die Softwarepakete müssen auch überarbeitet werden. Bei kommerzieller Software unter Windows wird es da sicherlich noch ewig einiges jahrelang angreifbares geben.
    Wenn Bios/Microcode und/oder OS sowie eine CPU ohne diese Angreifbarkeit laufen, funktioniert die alte Software vielleicht nicht mehr, kann aber auch keinen Schaden anrichten.
    Mobile Geräte mit fest verbauten, also unterwegs nicht wechselbaren Akkus halte ich für Fehlkonstruktionen.

  8. Beitrag #58
    Admiral
    Special
    Admiral

    Registriert seit
    03.04.2005
    Beiträge
    1.698
    Danke Danke gesagt 
    177
    Danke Danke erhalten 
    6
    Zitat Zitat von sjrothe Beitrag anzeigen
    Bei AMD ist die CPU Erkennung entscheidend, da keine Spectre 1 Patches benötigt werden, bei Intel ist's ein weiterer Sandsack gegen die Flut. ...
    Wie bitte?
    Seit wann werden keine Spectre 1 Patches benötigt?

  9. Beitrag #59
    Vice Admiral
    Special
    Vice Admiral
    Avatar von sjrothe
    • Mein System
      Notebook
      Modell: HP ProBook 655 G1 FHD AMD A8-5550 16GB // E7222 (HM76 16GB i7 3610QM SSD+M9T)
      Desktopsystem
      Prozessor: Opteron 3280 // XEON E3-1270
      Mainboard: Fujitsu //Asrock Z68 Extreme3 Gen3
      Kühlung: Stock// Thermalright AXP-200 Muscle - passte gerade so...
      Arbeitsspeicher: 2x 8GB DDR3-1600 // 4x 8GB DDR3-1600
      Grafikkarte: GT520 1GB // MSI RX570 8GB
      Display: HP 2309m + IBM 19er + Samtron 75G
      SSD(s): Crucial MX500, MX300 und M500
      Festplatte(n): Hitachi, Toshiba, Samsung, WD aber von Seagate nur ne SSHD
      Optische Laufwerke: - // Pioneer DVR-220, LG CH08LS10 Blu-ray SuperMulti liest nur noch BluRay
      Gehäuse: Fujitsu MX130 S2 // LIAN LI PC-7FN
      Netzteil: Fujisu 250W // TruePowerNew TP550, DANKE ANTEC
      Betriebssystem(e): Windows 7 x64 und besser also Linux ;-)
      Browser: Firefox + Chromium + Opera
      Sonstiges: XBOX360 Controller+ HD-DVD-ROM 386DX+387,Compaq 486 SX2, Toshiba Sat.220CS, Vobis Pentium Pro

    Registriert seit
    19.06.2002
    Ort
    Dresden
    Beiträge
    505
    Danke Danke gesagt 
    34
    Danke Danke erhalten 
    30
    Blog-Einträge
    1
    Bei AMD schon immer, da AMD CPUs nicht von Specte 1 sondern nur mit im Vergleich sehr kleinem Angriffsvektor von Spectre 2 betroffen sind.
    Die mediale Verwirrung seitens Intels, Samsung und Co. wirkt wunderbar, warum sonst müssen deren hart betroffenen Gerätereihen nur mit 20-30% statt 50-90% Rabatt unters Volk gedrückt werden.
    Mobile Geräte mit fest verbauten, also unterwegs nicht wechselbaren Akkus halte ich für Fehlkonstruktionen.

  10. Beitrag #60
    Grand Admiral
    Special
    Grand Admiral
    Avatar von MagicEye04
    • Mein System
      Notebook
      Modell: Thinkpad Edge E325
      Desktopsystem
      Prozessor: R7-1700 (3G6@1,22V) - FX-8350 (3G4@1,15V)
      Mainboard: Asus Prime B350M-A - Asus M5A97 EVO R2.0
      Kühlung: TR Macho - TT BigTyphoon
      Arbeitsspeicher: 2x8GiB Corsair LPX2400C14 - 2x8GiB DDR3-1600 G.E.I.L.
      Grafikkarte: Radeon VII - GTX1050ti
      Display: 61cm LG M2452D-PZ - 50cm Philips 200W
      SSD(s): Crucial MX300-275GB - Samsung 840pro 128GB
      Festplatte(n): Seagate 7200.14 2TB - Seagate 7200.12 1TB (jeweils eSATAp)
      Optische Laufwerke: 2x LG DVDRAM GH24NS90
      Soundkarte: onboard
      Gehäuse: Nanoxia Deep Silence1 - Sharkoon Rebel 9
      Netzteil: BeQuiet StraightPower 10 400W - E9 400W
      Betriebssystem(e): Ubuntu
      Browser: Feuerfuchs
      Sonstiges: 5x Nanoxia Lüfter (120/140mm) Festplatten in Bitumenbox
    • Mein DC

      MagicEye04 beim Distributed Computing

      Aktuelle Projekte: Seti,WCG,Einstein + was gerade Hilfe braucht
      Lieblingsprojekt: Seti
      Rechner: R7-1700+GTX970, FX-8350+GTX750ti, X4-5350+GT1030, X4-945, E-350
      Mitglied der Kavallerie: Nein
      BOINC-Statistiken:

    Registriert seit
    20.03.2006
    Ort
    oops,wrong.planet..
    Beiträge
    9.288
    Danke Danke gesagt 
    32
    Danke Danke erhalten 
    5
    AMD gibt doch selbst zu, dass sie von Spectre1 betroffen sind.
    https://www.amd.com/en/corporate/speculative-execution

    Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.

    We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
    --- Update ---

    AMD gibt doch selbst zu, dass sie von Spectre1 betroffen sind.
    https://www.amd.com/en/corporate/speculative-execution

    Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.

    We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
    _____________________________________________________________________
    >> Mitglied im Verein gegen den im P3D-Forum herrschenden Netzteilleistungs-Wahn VgP3DhNlW <<

  11. Beitrag #61
    Admiral
    Special
    Admiral

    Registriert seit
    03.04.2005
    Beiträge
    1.698
    Danke Danke gesagt 
    177
    Danke Danke erhalten 
    6
    Zitat Zitat von sjrothe Beitrag anzeigen
    ... AMD CPUs nicht von Specte 1 ... betroffen sind.
    Mit dieser Meinung bist du aber ziemlich alleine.

    Die mediale Verwirrung ...
    Der einzige, der hier verwirrt ist, bist du.

  12. Beitrag #62
    Vice Admiral
    Special
    Vice Admiral
    Avatar von sjrothe
    • Mein System
      Notebook
      Modell: HP ProBook 655 G1 FHD AMD A8-5550 16GB // E7222 (HM76 16GB i7 3610QM SSD+M9T)
      Desktopsystem
      Prozessor: Opteron 3280 // XEON E3-1270
      Mainboard: Fujitsu //Asrock Z68 Extreme3 Gen3
      Kühlung: Stock// Thermalright AXP-200 Muscle - passte gerade so...
      Arbeitsspeicher: 2x 8GB DDR3-1600 // 4x 8GB DDR3-1600
      Grafikkarte: GT520 1GB // MSI RX570 8GB
      Display: HP 2309m + IBM 19er + Samtron 75G
      SSD(s): Crucial MX500, MX300 und M500
      Festplatte(n): Hitachi, Toshiba, Samsung, WD aber von Seagate nur ne SSHD
      Optische Laufwerke: - // Pioneer DVR-220, LG CH08LS10 Blu-ray SuperMulti liest nur noch BluRay
      Gehäuse: Fujitsu MX130 S2 // LIAN LI PC-7FN
      Netzteil: Fujisu 250W // TruePowerNew TP550, DANKE ANTEC
      Betriebssystem(e): Windows 7 x64 und besser also Linux ;-)
      Browser: Firefox + Chromium + Opera
      Sonstiges: XBOX360 Controller+ HD-DVD-ROM 386DX+387,Compaq 486 SX2, Toshiba Sat.220CS, Vobis Pentium Pro

    Registriert seit
    19.06.2002
    Ort
    Dresden
    Beiträge
    505
    Danke Danke gesagt 
    34
    Danke Danke erhalten 
    30
    Blog-Einträge
    1
    Oh sorry da bin ich wohl selbst mit den Spectre Nummerierungen durcheinander gekommen.
    Mobile Geräte mit fest verbauten, also unterwegs nicht wechselbaren Akkus halte ich für Fehlkonstruktionen.

  13. Beitrag #63
    Admiral
    Special
    Admiral

    Registriert seit
    03.04.2005
    Beiträge
    1.698
    Danke Danke gesagt 
    177
    Danke Danke erhalten 
    6
    Zitat Zitat von sjrothe Beitrag anzeigen
    Oh sorry da bin ich wohl selbst mit den Spectre Nummerierungen durcheinander gekommen.
    Und diese Einsicht kommt dir erst jetzt?
    Du hast Spectre 1 mit Meltdown verwechselt.

  14. Beitrag #64
    Themenstarter
    Grand Admiral
    Special
    Grand Admiral
    Avatar von TAL9000
    • Mein System
      Notebook
      Modell: Packard Bell EasyNote TS11-HR-138GE
      Desktopsystem
      Prozessor: AMD Ryzen 7 1700X // Intel Core i5-2500 // i3-540
      Mainboard: MSI B350 PC Mate // Fujitsu D2990-A14 // Intel DH55TC
      Kühlung: Arctic Liquid Freezer 240 + 2x SilverStone FW121 // EKL V26898-B963-V2 // Intel Boxed S115x
      Arbeitsspeicher: 2x16GB G.Skill DDR4-3200 // 2x2GB Kingston DDR3-1333 // 2x2GB elixir DDR3-1600
      Grafikkarte: Gigabyte Aorus RX 580 8GD5 // HIS Radeon RX 460 iCooler 2GB // OnCPU Intel GMA HD Graphics
      Display: 26" iiyama ProLite E2607WS-1 1920x1200
      SSD(s): Samsung SSM 850 EVO 250GB // SK Hynix Canvas SL308 250GB // OCZ Trion 150 120GB
      Festplatte(n): Samsung HD154UI 1,5TB // Western Digital Caviar Blue 640GB // Seagate Barracuda 7200.11 500GB
      Optische Laufwerke: - // Samsung TS-H653J // LG GH20NS15
      Soundkarte: OnBoard
      Gehäuse: Enermax iVektor schwarz // Esprimo P400 // TFX Desktop
      Netzteil: be quiet! Dark Power Pro 11 650W // be quiet! S6-SYS-UA-350W // Seasonic SS-250TFX
      Betriebssystem(e): Win10pro x64 // Win7pro x64 // Ubuntu 18.04 XFCE (Mint 19.1)
      Browser: Firefox
      Sonstiges: Danke thorsam KVM ATEN CS1764 4-fach Desktop USV APC BR900GI NAS QNAP TS431+TS431P2-4G je 4x4TB
    • Mein DC

      TAL9000 beim Distributed Computing

      Aktuelle Projekte: was halt so geht
      Lieblingsprojekt: SIMAP
      Rechner: CPU Intel Xeon X3220+X3460+X3470+i5-750+Q9550 GPU Radeon HD 5770+6770+5830+2x 5850+2x RX560
      Mitglied der Kavallerie: Ja
      BOINC-Statistiken:
      Folding@Home-Statistiken:

    Registriert seit
    20.03.2007
    Ort
    nähe Giessen
    Beiträge
    3.564
    Danke Danke gesagt 
    232
    Danke Danke erhalten 
    112
    Tool ist mittlerweile auf v0.37+ und prüft auch auf:
    CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
    CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
    Code:
    tal9000@TAL9002 ~ $ sudo sh spectre-meltdown-checker.sh
    [sudo] password for tal9000: 
    Spectre and Meltdown mitigation detection tool v0.37+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.4.0-127-generic #153~14.04.1-Ubuntu SMP Sat May 19 14:00:03 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i3 CPU         540  @ 3.07GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  NO 
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
      * Speculative Store Bypass Disable (SSBD)
        * CPU indicates SSBD capability:  NO 
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 37 stepping 5 ucode 0x4 cpuid 0x20655)
    * CPU vulnerability to the speculative execution attack variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  YES 
      * Vulnerable to Variant 3a:  YES 
      * Vulnerable to Variant 4:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (Mitigation: OSB (observable speculation barrier, Intel v6))
    * Kernel has array_index_mask_nospec (x86):  NO 
    * Kernel has the Red Hat/Ubuntu patch:  YES 
    * Kernel has mask_nospec64 (arm):  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline)
    * Mitigation 1
      * Kernel is compiled with IBRS support:  YES 
        * IBRS enabled and active:  NO 
      * Kernel is compiled with IBPB support:  YES 
        * IBPB enabled and active:  NO 
    * Mitigation 2
      * Kernel has branch predictor hardening (arm):  NO 
      * Kernel compiled with retpoline option:  YES 
        * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Full retpoline is mitigating the vulnerability)
    IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
    * Kernel supports Page Table Isolation (PTI):  YES 
      * PTI enabled and active:  YES 
      * Reduced performance impact of PTI:  YES  (CPU supports PCID, performance impact of PTI will be reduced)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
      * CPU microcode mitigates the vulnerability:  NO 
    > STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)
    
    > How to fix: The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed.
    
    CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
    * Mitigated according to the /sys interface:  NO  (Vulnerable)
      * Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
    > STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)
    
    > How to fix: Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).
    
    A false sense of security is worse than no security at all, see --disclaimer
    Warum ich bei Seti@home raus bin? Wir finden schon auf der Erde keine Intelligenz, und da werden wir auch keine außerhalb finden

  15. Beitrag #65
    Admiral
    Special
    Admiral
    Avatar von RedBaron
    • Mein System
      Notebook
      Modell: Toshiba WD30Dt-A100, AMD A1200 APU 1GHz, Win 10 Home x64 1809, 4 GB RAM DDR3 1066 MHz, 500 GB WD-HDD
      Desktopsystem
      Prozessor: AMD Ryzen 7 2700X - 3.7 GHz @ Standard
      Mainboard: Asus ROG STRIX B350-F Gaming UEFI Ver. 4801
      Kühlung: CPU: Arctic-Cooling Liquid Freezer 240, Gehäuse: 1 Pure Wings 2 140mm, 1 Pure Wings 2 120mm
      Arbeitsspeicher: 32 GiB Crucial DDR4 @2400 MHz ECC CL17 CT16G4XFD824A
      Grafikkarte: AMD Radeon Pro WX 5100, 8 GB
      Display: 24 Zoll XORO HTL2335HD 1920*1080p 60Hz
      SSD(s): Samsung 970 EVO 1 TB, Crucial MX200 256 GB, SanDisk SDSSDP128GS 128 GB
      Festplatte(n): Seagate ST4000DX001 SSHD 4TB, Intenso 4TB USB 3.0 extern
      Optische Laufwerke: LG Electronics BH16NS40 Blu-ray Disc Writer
      Soundkarte: Realtek ALC 1220 Onboard
      Gehäuse: Be Quiet Silent Base 600 gedämmt
      Netzteil: Be Quiet Straight Power E8 580W 80+ Gold
      Betriebssystem(e): Ubuntu 19.04 x64, Windows 10 Pro Ver. 1809 x64
      Browser: Firefox 67 , Internet Explorer 11, MS Edge
      Sonstiges: 3D Connexion SpaceNavigator, HP Color LaserJet Pro MFP M181fw, Fritzbox 7412, Creative i-Trigue 330

    Registriert seit
    23.08.2006
    Beiträge
    1.090
    Danke Danke gesagt 
    316
    Danke Danke erhalten 
    10
    - Ryzen 1800X
    - Asus ROG Strix B350-F Gaming, UEFI Ver. 4011 vom 19.04.2018
    - Ubuntu 18.04 LTS, Kernel 4.15.0-22

    Code:
    Spectre and Meltdown mitigation detection tool v0.37+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64
    CPU is AMD Ryzen 7 1800X Eight-Core Processor
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
        * CPU indicates preferring IBRS always-on:  NO 
        * CPU indicates preferring IBRS over retpoline:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
        * CPU indicates preferring STIBP always-on:  NO 
      * Speculative Store Bypass Disable (SSBD)
        * CPU indicates SSBD capability:  YES  (AMD non-architectural MSR)
      * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 0x1 family 0x17 stepping 0x1 ucode 0x8001137 cpuid 0x800f11)
    * CPU vulnerability to the speculative execution attack variants
      * Vulnerable to Variant 1:  YES 
      * Vulnerable to Variant 2:  YES 
      * Vulnerable to Variant 3:  NO 
      * Vulnerable to Variant 3a:  NO 
      * Vulnerable to Variant 4:  YES 
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
    * Kernel has array_index_mask_nospec (x86):  YES  (1 occurrence(s) found of 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    * Kernel has mask_nospec64 (arm):  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Full AMD retpoline, IBPB)
    * Mitigation 1
      * Kernel is compiled with IBRS support:  YES 
        * IBRS enabled and active:  NO 
      * Kernel is compiled with IBPB support:  YES 
        * IBPB enabled and active:  YES 
    * Mitigation 2
      * Kernel has branch predictor hardening (arm):  NO 
      * Kernel compiled with retpoline option:  YES 
        * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports Page Table Isolation (PTI):  YES 
      * PTI enabled and active:  NO 
      * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
    * CPU microcode mitigates the vulnerability:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    * Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
    > STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    Ausgabe von dmesg | grep microcode:
    Code:
    [    0.857758] microcode: CPU0: patch_level=0x08001137
    [    0.857763] microcode: CPU1: patch_level=0x08001137
    [    0.857766] microcode: CPU2: patch_level=0x08001137
    [    0.857773] microcode: CPU3: patch_level=0x08001137
    [    0.857796] microcode: CPU4: patch_level=0x08001137
    [    0.857809] microcode: CPU5: patch_level=0x08001137
    [    0.857829] microcode: CPU6: patch_level=0x08001137
    [    0.857841] microcode: CPU7: patch_level=0x08001137
    [    0.857862] microcode: CPU8: patch_level=0x08001137
    [    0.857875] microcode: CPU9: patch_level=0x08001137
    [    0.857896] microcode: CPU10: patch_level=0x08001137
    [    0.857909] microcode: CPU11: patch_level=0x08001137
    [    0.857921] microcode: CPU12: patch_level=0x08001137
    [    0.857929] microcode: CPU13: patch_level=0x08001137
    [    0.857944] microcode: CPU14: patch_level=0x08001137
    [    0.857957] microcode: CPU15: patch_level=0x08001137
    [    0.857993] microcode: Microcode Update Driver: v2.2.
    Geändert von RedBaron (04.06.2018 um 18:26 Uhr)

  16. Beitrag #66
    Grand Admiral
    Special
    Grand Admiral
    Avatar von eratte
    • Mein System
      Notebook
      Modell: HP PAVILION 14-dk0002ng
      Desktopsystem
      Prozessor: Ryzen R7 2700x
      Mainboard: ASUS ROG Strix X470-F Gaming
      Kühlung: be quiet! Dark Rock Pro 4
      Arbeitsspeicher: 2 x 16 GB G.Skill RipJaws F4-3200C16-16GVK
      Grafikkarte: MSI GTX 1080 Gaming X 8G
      Display: S27A850D 2560x1440 / U2412M 1920x1200
      SSD(s): Samsung 960 Pro 512 und Cruical MX200 500
      Optische Laufwerke: LG BH10LS30 Blu-Ray Brenner
      Soundkarte: Onboard
      Gehäuse: Lian Li PC-A51 Schwarz
      Netzteil: Seasonic Platinum 860 (80+ Platinum)
      Betriebssystem(e): Windows 10 Pro 64
      Browser: Firefox
      Sonstiges: 3 x NF-S12A u. 2 x NF-P12 Noctua Lüfter. Corsair K70, Steelseries Rival 300, Plantronics 780 HS.
    • Mein DC

      eratte beim Distributed Computing

      Aktuelle Projekte: YoYo, Collatz
      Lieblingsprojekt: YoYo
      Rechner: i7-980x - Rest nach Bedarf und Laune
      Mitglied der Kavallerie: Ja
      BOINC-Statistiken:

    Registriert seit
    11.11.2001
    Ort
    Rheinberg / NRW
    Beiträge
    9.316
    Danke Danke gesagt 
    92
    Danke Danke erhalten 
    597
    AsRock hat für das Z77E-ITX ein BETA BIOS 2.0 mit neuem MicroCode veröffentlicht.

    Mint 18.3

    Spectre and Meltdown mitigation detection tool v0.37+

    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-45-generic #50~16.04.1-Ubuntu SMP Wed May 30 11:18:27 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz

    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
    * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available: YES
    * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
    * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available: YES
    * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
    * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available: YES
    * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
    * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability: NO
    * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability: NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
    * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
    * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
    * CPU microcode is known to cause stability problems: NO (model 0x3a family 0x6 stepping 0x9 ucode 0x1f cpuid 0x306a9)
    * CPU vulnerability to the speculative execution attack variants
    * Vulnerable to Variant 1: YES
    * Vulnerable to Variant 2: YES
    * Vulnerable to Variant 3: YES
    * Vulnerable to Variant 3a: YES
    * Vulnerable to Variant 4: YES

    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface: YES (Mitigation: OSB (observable speculation barrier, Intel v6))
    * Kernel has array_index_mask_nospec (x86): NO
    * Kernel has the Red Hat/Ubuntu patch: YES
    * Kernel has mask_nospec64 (arm): NO
    > STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))

    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB (Intel v4))
    * Mitigation 1
    * Kernel is compiled with IBRS support: YES
    * IBRS enabled and active: NO
    * Kernel is compiled with IBPB support: YES
    * IBPB enabled and active: YES
    * Mitigation 2
    * Kernel has branch predictor hardening (arm): NO
    * Kernel compiled with retpoline option: YES
    * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
    > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)

    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface: YES (Mitigation: PTI)
    * Kernel supports Page Table Isolation (PTI): YES
    * PTI enabled and active: YES
    * Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
    * Running as a Xen PV DomU: NO
    > STATUS: NOT VULNERABLE (Mitigation: PTI)

    CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
    * CPU microcode mitigates the vulnerability: NO
    > STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)

    > How to fix: The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed.

    CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
    * Mitigated according to the /sys interface: NO (Vulnerable)
    * Kernel supports speculation store bypass: YES (found in /proc/self/status)
    > STATUS: VULNERABLE (Your CPU doesn't support SSBD)

    > How to fix: Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).

    A false sense of security is worse than no security at all, see --disclaimer
    PC1: R7 2700x & Wraith Prism, Strix X470-F Gaming, 32 GB G.Skill RipJaws DDR4-3200 CL16, GTX 1080 Gaming X 8G, SSD 960 Pro 512, MX200 500 & BD/DVD Brenner, Seasonic Platinum 860, Lian Li PC-A51. Win10 Pro 64.
    PC2: R7 1700x & NH-D14, Crosshair 6 Hero, 16 GB G.Skill Trident Z DDR4-3200 CL14, RX 480 Gaming X 8G, SSD 950 Pro 512, 840 Pro 256 & BD/DVD Brenner, Seasonic Platinum 660, Lian Li PC-V700. Win10 Pro 64.
    Server: Xeon E3-1245 V2 & NH-C12P SE14, P8H77-M Pro, 16 GB G.Skill DDR3-1600, SSD 830 128, 4 x 3 TB WD Red HDD, Seasonic X-Series X-400FL, Lian Li PC-V600. Server 2008 R2 64
    HTPC: I5-6500 & NH-L12, H170M-E D3, 8 GB G.Skill DDR3-1600, SSD SM951 256 & BD/DVD Brenner, Seasonic G-Series 360G, Lian Li PC-C50, Win8.1 Pro 64

  17. Beitrag #67
    Themenstarter
    Grand Admiral
    Special
    Grand Admiral
    Avatar von TAL9000
    • Mein System
      Notebook
      Modell: Packard Bell EasyNote TS11-HR-138GE
      Desktopsystem
      Prozessor: AMD Ryzen 7 1700X // Intel Core i5-2500 // i3-540
      Mainboard: MSI B350 PC Mate // Fujitsu D2990-A14 // Intel DH55TC
      Kühlung: Arctic Liquid Freezer 240 + 2x SilverStone FW121 // EKL V26898-B963-V2 // Intel Boxed S115x
      Arbeitsspeicher: 2x16GB G.Skill DDR4-3200 // 2x2GB Kingston DDR3-1333 // 2x2GB elixir DDR3-1600
      Grafikkarte: Gigabyte Aorus RX 580 8GD5 // HIS Radeon RX 460 iCooler 2GB // OnCPU Intel GMA HD Graphics
      Display: 26" iiyama ProLite E2607WS-1 1920x1200
      SSD(s): Samsung SSM 850 EVO 250GB // SK Hynix Canvas SL308 250GB // OCZ Trion 150 120GB
      Festplatte(n): Samsung HD154UI 1,5TB // Western Digital Caviar Blue 640GB // Seagate Barracuda 7200.11 500GB
      Optische Laufwerke: - // Samsung TS-H653J // LG GH20NS15
      Soundkarte: OnBoard
      Gehäuse: Enermax iVektor schwarz // Esprimo P400 // TFX Desktop
      Netzteil: be quiet! Dark Power Pro 11 650W // be quiet! S6-SYS-UA-350W // Seasonic SS-250TFX
      Betriebssystem(e): Win10pro x64 // Win7pro x64 // Ubuntu 18.04 XFCE (Mint 19.1)
      Browser: Firefox
      Sonstiges: Danke thorsam KVM ATEN CS1764 4-fach Desktop USV APC BR900GI NAS QNAP TS431+TS431P2-4G je 4x4TB
    • Mein DC

      TAL9000 beim Distributed Computing

      Aktuelle Projekte: was halt so geht
      Lieblingsprojekt: SIMAP
      Rechner: CPU Intel Xeon X3220+X3460+X3470+i5-750+Q9550 GPU Radeon HD 5770+6770+5830+2x 5850+2x RX560
      Mitglied der Kavallerie: Ja
      BOINC-Statistiken:
      Folding@Home-Statistiken:

    Registriert seit
    20.03.2007
    Ort
    nähe Giessen
    Beiträge
    3.564
    Danke Danke gesagt 
    232
    Danke Danke erhalten 
    112
    1 Jahr danach:

    Update auf Linux Mint 19.1 mit meinem alten i3-540
    intel-microcode 3.20180807a.0ubuntu0.18.04.1

    Code:
    Spectre and Meltdown mitigation detection tool v0.40
    Checking for vulnerabilities on current system
    Kernel is Linux 4.15.0-43-generic #46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i3 CPU         540  @ 3.07GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  YES 
        * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  YES 
        * CPU indicates STIBP capability:  YES  (Intel STIBP feature bit)
      * Speculative Store Bypass Disable (SSBD)
        * CPU indicates SSBD capability:  YES  (Intel SSBD)
      * L1 data cache invalidation
        * FLUSH_CMD MSR is available:  YES 
        * CPU indicates L1D flush capability:  YES  (L1D flush feature bit)
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
      * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
      * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO 
      * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO 
      * CPU supports Software Guard Extensions (SGX):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 0x25 family 0x6 stepping 0x5 ucode 0x7 cpuid 0x20655)
      * CPU microcode is the latest known available version:  YES  (latest version is 0x7 dated 2018/04/23 according to builtin MCExtractor DB v84 - 2018/09/27)
    * CPU vulnerability to the speculative execution attack variants
      * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
      * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
      * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES 
      * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES 
      * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
      * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES 
      * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES 
    
    CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
    * Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    * Kernel has mask_nospec64 (arm64):  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
    * Mitigation 1
      * Kernel is compiled with IBRS support:  YES 
        * IBRS enabled and active:  YES  (for kernel and firmware code)
      * Kernel is compiled with IBPB support:  YES 
        * IBPB enabled and active:  YES 
    * Mitigation 2
      * Kernel has branch predictor hardening (arm):  NO 
      * Kernel compiled with retpoline option:  YES 
        * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
    
    CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
    * Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
    * Kernel supports Page Table Isolation (PTI):  YES 
      * PTI enabled and active:  YES 
      * Reduced performance impact of PTI:  YES  (CPU supports PCID, performance impact of PTI will be reduced)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
    
    CVE-2018-3640 aka 'Variant 3a, rogue system register read'
    * CPU microcode mitigates the vulnerability:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU microcode mitigates the vulnerability)
    
    CVE-2018-3639 aka 'Variant 4, speculative store bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    * Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
    > STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    
    CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
    * CPU microcode mitigates the vulnerability:  N/A 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
    * Mitigated according to the /sys interface:  YES  (Mitigation: PTE Inversion)
    * Kernel supports PTE inversion:  YES  (found in kernel image)
    * PTE inversion enabled and active:  YES 
    > STATUS:  NOT VULNERABLE  (Mitigation: PTE Inversion)
    
    CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
    * Information from the /sys interface: VMX: conditional cache flushes, SMT vulnerable
    * This system is a host running a hypervisor:  NO 
    * Mitigation 1 (KVM)
      * EPT is disabled:  NO 
    * Mitigation 2
      * L1D flush is supported by kernel:  YES  (found flush_l1d in /proc/cpuinfo)
      * L1D flush enabled:  YES  (conditional flushes)
      * Hardware-backed L1D flush supported:  YES  (performance impact of the mitigation will be greatly reduced)
      * Hyper-Threading (SMT) is enabled:  YES 
    > STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)
    
    > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK
    
    Need more detailed information about mitigation options? Use --explain
    A false sense of security is worse than no security at all, see --disclaimer
    Warum ich bei Seti@home raus bin? Wir finden schon auf der Erde keine Intelligenz, und da werden wir auch keine außerhalb finden

  18. Beitrag #68
    Admiral
    Special
    Admiral
    Avatar von RedBaron
    • Mein System
      Notebook
      Modell: Toshiba WD30Dt-A100, AMD A1200 APU 1GHz, Win 10 Home x64 1809, 4 GB RAM DDR3 1066 MHz, 500 GB WD-HDD
      Desktopsystem
      Prozessor: AMD Ryzen 7 2700X - 3.7 GHz @ Standard
      Mainboard: Asus ROG STRIX B350-F Gaming UEFI Ver. 4801
      Kühlung: CPU: Arctic-Cooling Liquid Freezer 240, Gehäuse: 1 Pure Wings 2 140mm, 1 Pure Wings 2 120mm
      Arbeitsspeicher: 32 GiB Crucial DDR4 @2400 MHz ECC CL17 CT16G4XFD824A
      Grafikkarte: AMD Radeon Pro WX 5100, 8 GB
      Display: 24 Zoll XORO HTL2335HD 1920*1080p 60Hz
      SSD(s): Samsung 970 EVO 1 TB, Crucial MX200 256 GB, SanDisk SDSSDP128GS 128 GB
      Festplatte(n): Seagate ST4000DX001 SSHD 4TB, Intenso 4TB USB 3.0 extern
      Optische Laufwerke: LG Electronics BH16NS40 Blu-ray Disc Writer
      Soundkarte: Realtek ALC 1220 Onboard
      Gehäuse: Be Quiet Silent Base 600 gedämmt
      Netzteil: Be Quiet Straight Power E8 580W 80+ Gold
      Betriebssystem(e): Ubuntu 19.04 x64, Windows 10 Pro Ver. 1809 x64
      Browser: Firefox 67 , Internet Explorer 11, MS Edge
      Sonstiges: 3D Connexion SpaceNavigator, HP Color LaserJet Pro MFP M181fw, Fritzbox 7412, Creative i-Trigue 330

    Registriert seit
    23.08.2006
    Beiträge
    1.090
    Danke Danke gesagt 
    316
    Danke Danke erhalten 
    10
    Daten des System, ausgelesen mit sudo inxi -F

    Ubuntu 18.04.2 LTS mit Kernel 4.15.0-45 generic
    AMD Ryzen 7 2700X mit Asus ROG Strix B350-F Gaming, UEFI 4207 vom 7.12.2018

    Code:
    System:    Host: workstation Kernel: 4.15.0-45-generic x86_64 bits: 64 Console: tty 1 Distro: Ubuntu 18.04.2 LTS
    Machine:   Device: desktop Mobo: ASUSTeK model: ROG STRIX B350-F GAMING v: Rev X.0x serial: 171114554600447
               UEFI: American Megatrends v: 4207 date: 12/07/2018
    CPU:       8 core AMD Ryzen 7 2700X Eight-Core (-MT-MCP-) cache: 4096 KB
               clock speeds: max: 3700 MHz 1: 2058 MHz 2: 2036 MHz 3: 1982 MHz 4: 2051 MHz 5: 2074 MHz 6: 2050 MHz
               7: 2054 MHz 8: 2062 MHz 9: 1967 MHz 10: 1920 MHz 11: 1909 MHz 12: 2032 MHz 13: 1915 MHz 14: 2030 MHz
               15: 2194 MHz 16: 2193 MHz
    Graphics:  Card: Advanced Micro Devices [AMD/ATI] Ellesmere [Radeon Pro WX 5100]
               Display Server: X.Org 1.19.6 driver: amdgpu Resolution: 1920x1080@60.00hz
               OpenGL: renderer: AMD Radeon Pro WX 5100 Graphics (POLARIS10, DRM 3.23.0, 4.15.0-45-generic, LLVM 7.0.0)
               version: 4.5 Mesa 18.2.2
    Audio:     Card-1 Advanced Micro Devices [AMD] Family 17h (Models 00h-0fh) HD Audio Controller
               driver: snd_hda_intel
               Card-2 Advanced Micro Devices [AMD/ATI] Ellesmere HDMI Audio [Radeon RX 470/480 / 570/580/590]
               driver: snd_hda_intel
               Sound: Advanced Linux Sound Architecture v: k4.15.0-45-generic
    Network:   Card: Intel I211 Gigabit Network Connection driver: igb
               IF: enp4s0 state: up speed: 1000 Mbps duplex: full mac: 2c:fd:a1:bc:cb:a3
    Drives:    HDD Total Size: 5379.1GB (2.5% used)
               ID-1: /dev/nvme0n1 model: Samsung_SSD_970_EVO_1TB size: 1000.2GB
               ID-2: /dev/sda model: Crucial_CT250MX2 size: 250.1GB
               ID-3: /dev/sdb model: SanDisk_SDSSDP12 size: 128.0GB
               ID-4: /dev/sdc model: ST4000DX001 size: 4000.8GB
    Partition: ID-1: / size: 209G used: 11G (6%) fs: ext4 dev: /dev/nvme0n1p5
               ID-2: /home size: 229G used: 2.1G (1%) fs: ext4 dev: /dev/sda1
               ID-3: swap-1 size: 128.03GB used: 0.00GB (0%) fs: swap dev: /dev/sdb1
    RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
    Sensors:   System Temperatures: cpu: 26.0C mobo: N/A gpu: 36.0
               Fan Speeds (in rpm): cpu: 0
    Info:      Processes: 379 Uptime: 12 min Memory: 1866.5/32167.7MB Client: Shell (sudo) inxi: 2.3.56
    Code:
    user@computer:~$ sudo sh spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.40
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64
    CPU is AMD Ryzen 7 2700X Eight-Core Processor
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
        * CPU indicates preferring IBRS always-on:  NO 
        * CPU indicates preferring IBRS over retpoline:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO 
        * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
        * CPU indicates preferring STIBP always-on:  NO 
      * Speculative Store Bypass Disable (SSBD)
        * CPU indicates SSBD capability:  YES  (AMD non-architectural MSR)
      * L1 data cache invalidation
        * FLUSH_CMD MSR is available:  NO 
        * CPU indicates L1D flush capability:  NO 
      * CPU supports Software Guard Extensions (SGX):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 0x8 family 0x17 stepping 0x2 ucode 0x800820b cpuid 0x800f82)
      * CPU microcode is the latest known available version:  YES  (latest version is 0x800820b dated 2018/06/20 according to builtin MCExtractor DB v96 - 2019/01/15)
    * CPU vulnerability to the speculative execution attack variants
      * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
      * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
      * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  NO 
      * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  NO 
      * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
      * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  NO 
    
    CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
    * Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    * Kernel has mask_nospec64 (arm64):  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Full AMD retpoline, IBPB)
    * Mitigation 1
      * Kernel is compiled with IBRS support:  YES 
        * IBRS enabled and active:  NO 
      * Kernel is compiled with IBPB support:  YES 
        * IBPB enabled and active:  YES 
    * Mitigation 2
      * Kernel has branch predictor hardening (arm):  NO 
      * Kernel compiled with retpoline option:  YES 
        * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
    
    CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports Page Table Isolation (PTI):  YES 
      * PTI enabled and active:  NO 
      * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3640 aka 'Variant 3a, rogue system register read'
    * CPU microcode mitigates the vulnerability:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3639 aka 'Variant 4, speculative store bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    * Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
    > STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    
    CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
    * CPU microcode mitigates the vulnerability:  N/A 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports PTE inversion:  YES  (found in kernel image)
    * PTE inversion enabled and active:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
    * Information from the /sys interface: 
    * This system is a host running a hypervisor:  NO 
    * Mitigation 1 (KVM)
      * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
    * Mitigation 2
      * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
      * L1D flush enabled:  UNKNOWN  (unrecognized mode)
      * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
      * Hyper-Threading (SMT) is enabled:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK
    
    Need more detailed information about mitigation options? Use --explain
    A false sense of security is worse than no security at all, see --disclaimer

  19. Beitrag #69
    Themenstarter
    Grand Admiral
    Special
    Grand Admiral
    Avatar von TAL9000
    • Mein System
      Notebook
      Modell: Packard Bell EasyNote TS11-HR-138GE
      Desktopsystem
      Prozessor: AMD Ryzen 7 1700X // Intel Core i5-2500 // i3-540
      Mainboard: MSI B350 PC Mate // Fujitsu D2990-A14 // Intel DH55TC
      Kühlung: Arctic Liquid Freezer 240 + 2x SilverStone FW121 // EKL V26898-B963-V2 // Intel Boxed S115x
      Arbeitsspeicher: 2x16GB G.Skill DDR4-3200 // 2x2GB Kingston DDR3-1333 // 2x2GB elixir DDR3-1600
      Grafikkarte: Gigabyte Aorus RX 580 8GD5 // HIS Radeon RX 460 iCooler 2GB // OnCPU Intel GMA HD Graphics
      Display: 26" iiyama ProLite E2607WS-1 1920x1200
      SSD(s): Samsung SSM 850 EVO 250GB // SK Hynix Canvas SL308 250GB // OCZ Trion 150 120GB
      Festplatte(n): Samsung HD154UI 1,5TB // Western Digital Caviar Blue 640GB // Seagate Barracuda 7200.11 500GB
      Optische Laufwerke: - // Samsung TS-H653J // LG GH20NS15
      Soundkarte: OnBoard
      Gehäuse: Enermax iVektor schwarz // Esprimo P400 // TFX Desktop
      Netzteil: be quiet! Dark Power Pro 11 650W // be quiet! S6-SYS-UA-350W // Seasonic SS-250TFX
      Betriebssystem(e): Win10pro x64 // Win7pro x64 // Ubuntu 18.04 XFCE (Mint 19.1)
      Browser: Firefox
      Sonstiges: Danke thorsam KVM ATEN CS1764 4-fach Desktop USV APC BR900GI NAS QNAP TS431+TS431P2-4G je 4x4TB
    • Mein DC

      TAL9000 beim Distributed Computing

      Aktuelle Projekte: was halt so geht
      Lieblingsprojekt: SIMAP
      Rechner: CPU Intel Xeon X3220+X3460+X3470+i5-750+Q9550 GPU Radeon HD 5770+6770+5830+2x 5850+2x RX560
      Mitglied der Kavallerie: Ja
      BOINC-Statistiken:
      Folding@Home-Statistiken:

    Registriert seit
    20.03.2007
    Ort
    nähe Giessen
    Beiträge
    3.564
    Danke Danke gesagt 
    232
    Danke Danke erhalten 
    112
    Neu Sicherheitslücken, neue Version des Abfrage Tools und wieder angreifbar

    CPU Intel Core i5-660 auf Intel DH55TC BIOS Date: 12/06/2011, Linux Mint 19.1 Tessa mit Kernel 4.15.0-52-generic und intel-microcode 3.20190618.0ubuntu0.18.04.1
    Spoiler


    Zitat Zitat von Spectre and Meltdown mitigation detection tool v0.42

    Checking for vulnerabilities on current system
    Kernel is Linux 4.15.0-52-generic #56-Ubuntu SMP Tue Jun 4 22:49:08 UTC 2019 x86_64
    CPU is Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz

    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
    * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available: YES
    * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
    * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available: YES
    * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
    * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available: YES
    * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
    * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability: YES (Intel SSBD)
    * L1 data cache invalidation
    * FLUSH_CMD MSR is available: YES
    * CPU indicates L1D flush capability: YES (L1D flush feature bit)
    * Microarchitecture Data Sampling
    * VERW instruction is available: NO
    * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability: NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
    * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
    * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
    * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
    * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
    * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
    * CPU supports Software Guard Extensions (SGX): NO
    * CPU microcode is known to cause stability problems: NO (model 0x25 family 0x6 stepping 0x5 ucode 0x7 cpuid 0x20655)
    * CPU microcode is the latest known available version: YES (latest version is 0x7 dated 2018/04/23 according to builtin MCExtractor DB v112 - 2019/05/22)
    * CPU vulnerability to the speculative execution attack variants
    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES

    CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
    * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
    * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch: NO
    * Kernel has mask_nospec64 (arm64): NO
    > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)

    CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
    * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
    * Mitigation 1
    * Kernel is compiled with IBRS support: YES
    * IBRS enabled and active: YES (for firmware code only)
    * Kernel is compiled with IBPB support: YES
    * IBPB enabled and active: YES
    * Mitigation 2
    * Kernel has branch predictor hardening (arm): NO
    * Kernel compiled with retpoline option: YES
    * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
    > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)

    CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
    * Mitigated according to the /sys interface: YES (Mitigation: PTI)
    * Kernel supports Page Table Isolation (PTI): YES
    * PTI enabled and active: YES
    * Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
    * Running as a Xen PV DomU: NO
    > STATUS: NOT VULNERABLE (Mitigation: PTI)

    CVE-2018-3640 aka 'Variant 3a, rogue system register read'
    * CPU microcode mitigates the vulnerability: YES
    > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)

    CVE-2018-3639 aka 'Variant 4, speculative store bypass'
    * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
    * SSB mitigation is enabled and active: YES (per-thread through prctl)
    * SSB mitigation currently active for selected processes: YES (ModemManager systemd-journald systemd-logind systemd-resolved systemd-udevd)
    > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

    CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
    * CPU microcode mitigates the vulnerability: N/A
    > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

    CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
    * Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
    * Kernel supports PTE inversion: YES (found in kernel image)
    * PTE inversion enabled and active: YES
    > STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)

    CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
    * Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
    * This system is a host running a hypervisor: NO
    * Mitigation 1 (KVM)
    * EPT is disabled: NO
    * Mitigation 2
    * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
    * L1D flush enabled: YES (conditional flushes)
    * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
    * Hyper-Threading (SMT) is enabled: YES
    > STATUS: NOT VULNERABLE (this system is not running a hypervisor)

    CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
    * Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
    * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active: NO
    * SMT is either mitigated or disabled: NO
    > STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)

    CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
    * Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
    * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active: NO
    * SMT is either mitigated or disabled: NO
    > STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)

    CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
    * Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
    * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active: NO
    * SMT is either mitigated or disabled: NO
    > STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)

    CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
    * Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
    * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active: NO
    * SMT is either mitigated or disabled: NO
    > STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)

    > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO

    Need more detailed information about mitigation options? Use --explain
    A false sense of security is worse than no security at all, see --disclaimer
    Warum ich bei Seti@home raus bin? Wir finden schon auf der Erde keine Intelligenz, und da werden wir auch keine außerhalb finden

  20. Beitrag #70
    Admiral
    Special
    Admiral
    Avatar von Peet007
    • Mein System
      Desktopsystem
      Prozessor: AMD Ryzen 1700X
      Mainboard: Asrock X370 Taichi
      Kühlung: 480 Radi(schen) WaKü
      Arbeitsspeicher: 16 GB
      Grafikkarte: Radeon RX Vega 56
      Display: Fujitsu 26 Zoll
      Soundkarte: onBoard
      Netzteil: 750 Watt
      Betriebssystem(e): Manjaro
      Browser: Chromium
    • Mein DC

      Peet007 beim Distributed Computing

      Mitglied der Kavallerie: Nein
      BOINC-Statistiken:

    Registriert seit
    30.09.2006
    Beiträge
    1.360
    Danke Danke gesagt 
    6
    Danke Danke erhalten 
    0
    So sieht es bei Zen 1 aus

    Code:
    Checking for vulnerabilities on current system
    Kernel is Linux 5.0.19-19.05.27.amdgpu.ubuntu #1 SMP Mon May 27 08:23:24 CEST 2019 x86_64
    CPU is AMD Ryzen 7 1700X Eight-Core Processor
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
        * CPU indicates preferring IBRS always-on:  NO 
        * CPU indicates preferring IBRS over retpoline:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  YES 
        * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
        * CPU indicates preferring STIBP always-on:  NO 
      * Speculative Store Bypass Disable (SSBD)
        * CPU indicates SSBD capability:  YES  (AMD non-architectural MSR)
      * L1 data cache invalidation
        * FLUSH_CMD MSR is available:  NO 
        * CPU indicates L1D flush capability:  NO 
      * CPU supports Software Guard Extensions (SGX):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 0x1 family 0x17 stepping 0x1 ucode 0x8001137 cpuid 0x800f11)
      * CPU microcode is the latest known available version:  NO  (latest version is 0x8001138 dated 2019/02/04 according to builtin MCExtractor DB v112 - 2019/05/22)
    * CPU vulnerability to the speculative execution attack variants
      * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
      * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
      * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  NO 
      * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  NO 
      * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
      * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  NO 
      * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  NO 
      * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  NO 
      * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  NO 
    
    CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
    * Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    * Kernel has mask_nospec64 (arm64):  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling)
    * Mitigation 1
      * Kernel is compiled with IBRS support:  YES 
        * IBRS enabled and active:  NO 
      * Kernel is compiled with IBPB support:  YES 
        * IBPB enabled and active:  YES 
    * Mitigation 2
      * Kernel has branch predictor hardening (arm):  NO 
      * Kernel compiled with retpoline option:  YES 
        * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
    
    CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports Page Table Isolation (PTI):  YES 
      * PTI enabled and active:  NO 
      * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3640 aka 'Variant 3a, rogue system register read'
    * CPU microcode mitigates the vulnerability:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3639 aka 'Variant 4, speculative store bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    * Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
    * SSB mitigation is enabled and active:  YES  (per-thread through prctl)
    * SSB mitigation currently active for selected processes:  YES  (ModemManager systemd-journald systemd-logind systemd-resolved systemd-timesyncd systemd-udevd waterfox)
    > STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    
    CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
    * CPU microcode mitigates the vulnerability:  N/A 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports PTE inversion:  YES  (found in kernel image)
    * PTE inversion enabled and active:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
    * Information from the /sys interface: Not affected
    * This system is a host running a hypervisor:  NO 
    * Mitigation 1 (KVM)
      * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
    * Mitigation 2
      * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
      * L1D flush enabled:  NO 
      * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
      * Hyper-Threading (SMT) is enabled:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK
    Scheint alles OK zu sein nur der microcode wird als "nicht aktuell" angezeigt.

  21. Beitrag #71
    Technische Administration
    Dinosaurier

    Avatar von tomturbo
    • Mein System
      Notebook
      Modell: Microsoft Surface Pro 4
      Desktopsystem
      Prozessor: Phenom II X6 1045T
      Mainboard: Gigabyte 970A-UD3
      Kühlung: CoolerMaster Hyper 412S
      Arbeitsspeicher: 2x8GB Crucial Ballistix Tactical DDR3-1866
      Grafikkarte: Sapphire R7 250E ultimate / lüfterlos
      Display: HP ZR2740w (2560x1440)
      SSD(s): 2xSamsung 830 128GB
      Festplatte(n): Seagate ST31500341AS 1500GB
      Optische Laufwerke: Samsung Brenner
      Soundkarte: onboard
      Gehäuse: Fractal Design Define R4
      Netzteil: XFX 550W
      Betriebssystem(e): Arch Linux, Windows VM
      Browser: Firefox + Chromium + Konqueror
    • Mein DC

      tomturbo beim Distributed Computing

      Aktuelle Projekte: SETI@HOME, Universe@HOME, Asteroids@HOME
      Lieblingsprojekt: SETI@HOME
      Rechner: Xeon E3-1245V2; Raspberry Pi 3; NUC6i3BNH
      Mitglied der Kavallerie: Nein
      BOINC-Statistiken:

    Registriert seit
    30.11.2005
    Ort
    Österreich
    Beiträge
    6.919
    Danke Danke gesagt 
    205
    Danke Danke erhalten 
    8
    Arch Linux
    Kernel 5.1.12-arch1-1-ARCH

    Code:
    Checking for vulnerabilities on current system
    Kernel is Linux 5.1.12-arch1-1-ARCH #1 SMP PREEMPT Wed Jun 19 09:16:00 UTC 2019 x86_64
    CPU is AMD FX-8320E Eight-Core Processor
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
        * CPU indicates preferring IBRS always-on:  NO 
        * CPU indicates preferring IBRS over retpoline:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  YES 
        * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
        * CPU indicates preferring STIBP always-on:  NO 
      * Speculative Store Bypass Disable (SSBD)
        * CPU indicates SSBD capability:  YES  (AMD non-architectural MSR)
      * L1 data cache invalidation
        * FLUSH_CMD MSR is available:  NO 
        * CPU indicates L1D flush capability:  NO 
      * CPU supports Software Guard Extensions (SGX):  NO 
      * CPU microcode is known to cause stability problems:  NO  (model 0x2 family 0x15 stepping 0x0 ucode 0x6000852 cpuid 0x600f20)
      * CPU microcode is the latest known available version:  YES  (latest version is 0x6000852 dated 2018/02/06 according to builtin MCExtractor DB v112 - 2019/05/22)
    * CPU vulnerability to the speculative execution attack variants
      * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
      * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
      * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  NO 
      * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  NO 
      * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
      * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  NO 
      * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  NO 
      * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  NO 
      * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  NO 
    
    CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
    * Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    * Kernel has mask_nospec64 (arm64):  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
    
    CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling)
    * Mitigation 1
      * Kernel is compiled with IBRS support:  YES 
        * IBRS enabled and active:  NO 
      * Kernel is compiled with IBPB support:  YES 
        * IBPB enabled and active:  YES 
    * Mitigation 2
      * Kernel has branch predictor hardening (arm):  NO 
      * Kernel compiled with retpoline option:  YES 
        * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
    
    CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports Page Table Isolation (PTI):  YES 
      * PTI enabled and active:  NO 
      * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3640 aka 'Variant 3a, rogue system register read'
    * CPU microcode mitigates the vulnerability:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3639 aka 'Variant 4, speculative store bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    * Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
    * SSB mitigation is enabled and active:  YES  (per-thread through prctl)
    * SSB mitigation currently active for selected processes:  YES  (firefox systemd-journald systemd-logind systemd-udevd upowerd)
    > STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    
    CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
    * CPU microcode mitigates the vulnerability:  N/A 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports PTE inversion:  YES  (found in kernel image)
    * PTE inversion enabled and active:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
    * Information from the /sys interface: Not affected
    * This system is a host running a hypervisor:  NO 
    * Mitigation 1 (KVM)
      * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
    * Mitigation 2
      * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
      * L1D flush enabled:  NO 
      * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
      * Hyper-Threading (SMT) is enabled:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-36
    Scheint alles klar zu sein

    4000 U/min wo der Diesel aufhört und richtige Motoren zu arbeiten beginnen

    "Ubuntu" - an African word meaning "Gentoo is too hard for me"

    vegan aus Überzeugung

    real man don't click

Seite 3 von 3 ErsteErste 123

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •