[Eisfair] [e1] eiskernel 3.20.0 (Status 'stable') verfügbar - 3.16er Kernel für eisfair-1

Gerd Walter fli4l.ng at hgwb.de
Fr Okt 26 16:10:15 CEST 2018


Am 26.10.18 um 15:29 schrieb Gerd Walter:
> 
> Das sieht auf meinen Eisfair in der VM mit einer
> Intel(R) Xeon(R) CPU E5645 nicht gerade gut aus:
> 
> eisfair # ./spectre-meltdown-checker  --batch text 2>/dev/null
> CVE-2017-5753: OK (Mitigation: __user pointer sanitization)
> CVE-2017-5715: OK (IBRS + IBPB are mitigating the vulnerability)
> CVE-2017-5754: VULN (Xen PV DomUs are vulnerable and need to be run in 
> HVM, PVHVM, PVH mode, or the Xen hypervisor must have the Xen's own PTI 
> patch)
> CVE-2018-3640: VULN (an up-to-date CPU microcode is needed to mitigate 
> this vulnerability)
> CVE-2018-3639: VULN (Neither your CPU nor your kernel support SSBD)
> CVE-2018-3615: OK (your CPU vendor reported your CPU model as not 
> vulnerable)
> CVE-2018-3620: VULN (Your kernel doesn't support PTE inversion, update it)
> CVE-2018-3646: OK (this system is not running an hypervisor)

Auf einer VM 64bit(HVM) unter einen E5-2660 sieht es besser aus:

eis # ./spectre-meltdown-checker --batch text 2>/dev/null
CVE-2017-5753: OK (Mitigation: __user pointer sanitization)
CVE-2017-5715: OK (IBRS + IBPB are mitigating the vulnerability)
CVE-2017-5754: OK (Mitigation: PTI)
CVE-2018-3640: OK (your CPU microcode mitigates the vulnerability)
CVE-2018-3639: VULN (your kernel needs to be updated)
CVE-2018-3615: OK (your CPU vendor reported your CPU model as not 
vulnerable)
CVE-2018-3620: VULN (Your kernel doesn't support PTE inversion, update it)
CVE-2018-3646: OK (this system is not running an hypervisor)

Gruß
Gerd


Mehr Informationen über die Mailingliste Eisfair