Home | News | Download | Packages | Forum | Wiki | Github

[Solved] Meltdown and Spectre Vulnerabilities


#41

Might not have come through to my mirror yet but im seeing an older version of the microcode to be installed ?

Edit:
nevermind, using “sudo xbps-install -S intel-ucode” brings up latest package.

Thanks


(jacky) #42

thanks for the clarification… ease with xbps-install if microcode is available.


#43

although it’s not entirely clear to me if installing that is all that’s needed:

sudo sh spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.24

Checking for vulnerabilities against live running kernel Linux 4.14.12_4 #1 SMP PREEMPT Mon Jan 8 11:05:24 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO  (only 30 opcodes found, should be >= 70)
> STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

EDIT i guess this line (in the template):

echo "early_microcode=yes" >> ${DESTDIR}/etc/dracut.conf.d/intel_ucode.conf

should get it to load a boot…


#44

How necessary are the microcode updates? I’ve been trying to avoid binary blobs as much as possible on some (though not all) of my systems.


#45

Read this excellent comment for example…


(jacky) #46

You may like to read this…

if you have a closed source CPU you have the binary blobs installed… so you must update them when security is an issue.


(jacky) #47

Binary Blobs research:
interesting videos from 34C3

1- https://media.ccc.de/v/34c3-8782-intel_me_myths_and_reality
2- https://media.ccc.de/v/34c3-9058-everything_you_want_to_know_about_x86_microcode_but_might_have_been_afraid_to_ask
3- https://media.ccc.de/v/34c3-8762-inside_intel_management_engine


(jacky) #48

The Management Engine: an attack on computer users’ freedom
https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom


#49

Thanks for the links/info. I realise this machine still has closed source blobs in it anyway (including for things like SATA connections, and usb ports), but I’ve still tried to limit the number of binary blobs involved as much as possible (I’ve me_clean’ed it, for instance, and installed coreboot).

I wish there were clearer information about the details of necessity/function of the intel microcode, but I suppose that’s the whole (problematic) nature of closed source code…

edit: after installing the intel ucode, and reconfiguring dracut, it seems to turn out that intel hasn’t updated the microcode for my processor recently anyway…:

[    0.000000] microcode: microcode updated early to revision 0x1c, date = 2015-02-26
[    0.594751] microcode: sig=0x306a9, pf=0x10, revision=0x1c
[    0.594852] microcode: Microcode Update Driver: v2.2.

(jacky) #50

Meltdown Patch Broke Some Ubuntu Systems
http://www.securityweek.com/meltdown-patch-broke-some-ubuntu-systems?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+(SecurityWeek+RSS+Feed)


#51

Well, it broke even more Windows systems!:joy:
There was a big problem with the 4.4.0-108 kernel and therefore the 4.4.0-109 was quickly released.
I run Peppermint 7 (as you probably know, Ubuntu based) on another laptop and had no issues with the update. Some users got problems on day one due to broken dependencies, that in turn were caused by server overload. Ubuntu, like everyone else, including Google, Apple, Microsoft and even the BSD’S are just trying to solve an issue they did not create. Some users will be getting broken machines.
What is Intel doing? They are the major responsible!


(jacky) #52

Meltdown Code Proves Concept


fun :))


(jacky) #53

Good read from Qubes-os Security Bulletin…


(jacky) #54

Its getting funny out there…


#55

Yesterday, a friend asked for my advice before bying a new laptop…

And I told her: "At the moment, to avoid problems, you must select a laptop with an AMD CPU, not NOT! Intel. :face_with_symbols_over_mouth:


(jacky) #56

Intel again…


#57

Wow!.. yet another vulnerability? Congratulations Intel! That beats everyone else…so, you’re the “be(a)st”


#58

Is terminator 2 closer than we think?!

With vulnerabilities like this its only a matter of time before some hardware that is linked to critical infrastructure becomes compromised. Which begs the question, what sort of infrastructure could be compromised, power plants, grids, hospitals, hopefully they have manual back ups as in manual systems in place that do not require computation, which i am sure they would?


(jacky) #59

New Spectre example code to tried…

Here is my result:

cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 58
model name : Intel® Core™ i5-3320M CPU @ 2.60GHz

./spectre
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfedb8… Success: 0x54=’T’ score=9
Reading at malicious_x = 0xffffffffffdfedb9… Success: 0x68=’h’ score=2
Reading at malicious_x = 0xffffffffffdfedba… Success: 0x65=’e’ score=53 (second best: 0x05 score=24)
Reading at malicious_x = 0xffffffffffdfedbb… Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfedbc… Success: 0x4D=’M’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfedbd… Success: 0x61=’a’ score=11 (second best: 0x00 score=1)
Reading at malicious_x = 0xffffffffffdfedbe… Success: 0x67=’g’ score=2
Reading at malicious_x = 0xffffffffffdfedbf… Success: 0x69=’i’ score=7 (second best: 0x00 score=3)
Reading at malicious_x = 0xffffffffffdfedc0… Success: 0x63=’c’ score=2
Reading at malicious_x = 0xffffffffffdfedc1… Success: 0x20=’ ’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfedc2… Success: 0x57=’W’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfedc3… Success: 0x6F=’o’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfedc4… Success: 0x72=’r’ score=2
Reading at malicious_x = 0xffffffffffdfedc5… Success: 0x64=’d’ score=2
Reading at malicious_x = 0xffffffffffdfedc6… Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffffffffffdfedc7… Success: 0x20=’ ’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfedc8… Success: 0x61=’a’ score=11 (second best: 0x05 score=3)
Reading at malicious_x = 0xffffffffffdfedc9… Success: 0x72=’r’ score=11 (second best: 0x05 score=3)
Reading at malicious_x = 0xffffffffffdfedca… Success: 0x65=’e’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfedcb… Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfedcc… Success: 0x53=’S’ score=41 (second best: 0x05 score=18)
Reading at malicious_x = 0xffffffffffdfedcd… Success: 0x71=’q’ score=75 (second best: 0x05 score=35)
Reading at malicious_x = 0xffffffffffdfedce… Success: 0x75=’u’ score=39 (second best: 0x05 score=17)
Reading at malicious_x = 0xffffffffffdfedcf… Success: 0x65=’e’ score=13 (second best: 0x05 score=4)
Reading at malicious_x = 0xffffffffffdfedd0… Success: 0x61=’a’ score=33 (second best: 0x05 score=14)
Reading at malicious_x = 0xffffffffffdfedd1… Success: 0x6D=’m’ score=41 (second best: 0x05 score=18)
Reading at malicious_x = 0xffffffffffdfedd2… Success: 0x69=’i’ score=53 (second best: 0x05 score=24)
Reading at malicious_x = 0xffffffffffdfedd3… Success: 0x73=’s’ score=11 (second best: 0x00 score=1)
Reading at malicious_x = 0xffffffffffdfedd4… Success: 0x68=’h’ score=17 (second best: 0x00 score=4)
Reading at malicious_x = 0xffffffffffdfedd5… Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfedd6… Success: 0x4F=’O’ score=17 (second best: 0x00 score=4)
Reading at malicious_x = 0xffffffffffdfedd7… Success: 0x73=’s’ score=19 (second best: 0x05 score=7)
Reading at malicious_x = 0xffffffffffdfedd8… Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffffffffffdfedd9… Success: 0x69=’i’ score=37 (second best: 0x05 score=16)
Reading at malicious_x = 0xffffffffffdfedda… Success: 0x66=’f’ score=49 (second best: 0x05 score=22)
Reading at malicious_x = 0xffffffffffdfeddb… Success: 0x72=’r’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfeddc… Success: 0x61=’a’ score=17 (second best: 0x00 score=4)
Reading at malicious_x = 0xffffffffffdfeddd… Success: 0x67=’g’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfedde… Success: 0x65=’e’ score=9 (second best: 0x05 score=2)
Reading at malicious_x = 0xffffffffffdfeddf… Success: 0x2E=’.’ score=2


(jacky) #60

“Clear Linux” By Intel
this is a comment by mikorist "There is only one OS (currently) in world I know of that are fully patched from this Spectre attack at the OS level."
mikorist

is that true!!!does any one know this OS?call me a conspiracy theorist…