On 13/02/2020 11.54, Marcus Meissner wrote:
On Thu, Feb 13, 2020 at 11:41:16AM +0100, Carlos E. R. wrote:
On 13/02/2020 08.30, Marcus Meissner wrote:
Hi,
On Wed, Feb 12, 2020 at 08:29:53PM -0800, PGNet Dev wrote:
This security update
https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
addresses
...
on an old, but otherwise functional, laptop,
cat /proc/cpuinfo | grep -i "model name"
model name : Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
...
a check with
spectre-meltdown-checker.sh --version
Spectre and Meltdown mitigation detection tool v0.43
returns
...
and
cat /sys/devices/system/cpu/vulnerabilities/mds
Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
What additional mitigation, &/or specific microcode update is required to complete the mitigations?
A newer processor. :/
Sadly, Intel does not provide updated microcode for older processors.
Doesn't the Linux kernel include other mitigations besides Intel provided microcode?
If only new processors are covered by them, we are doomed. :-(
Some of the processor mitigations can be done in software, like retpolines or Spectre v1 and v3-like fixes, or L1TF bare-metal fixes.
Others need CPU Microcode help, and yes, these are then problematic.
The major ones like Meltdown, Spectre v1, v2 are covered by software only solutions, the rest has a smaller impact.
If you are just using this as your home machine or laptop, no need to worry.
Thanks. Well, I'm replacing my main desktop machine (because of other reasons), but the new CPU will be an AMD Ryzen, because of these problems. Intel now scares me. And the mitigations make them slower. But I have other machines I cannot replace, and one of them is reachable from the Internet via ssh: Intel(R) Pentium(R) CPU N3710 @ 1.60GHz
Realistic attack scenarios include multiuser servers, either with untrusted users or untrusted VMs.
No, nothing like that. Unless we consider Apache to be vulnerable, as the users are unknown.

--
Cheers / Saludos,
Carlos E. R.
(from 15.1 x86_64 at Telcontar)
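
Added example, not part of the original thread and not taken from spectre-meltdown-checker: a shell function that reads the kernel's per-issue status files (the mds file quoted in the thread is one of them) and separates entries that are mitigated in software from those still reported as vulnerable or lacking microcode. The function names and category labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Classify one status line from /sys/devices/system/cpu/vulnerabilities/<name>.
# Category labels are this example's own, not kernel terminology.
classify_status() {
    case "$1" in
        "Not affected"*)               echo not-affected ;;
        # e.g. the mds line quoted in the thread
        Vulnerable*"no microcode"*)    echo needs-microcode ;;
        Vulnerable*)                   echo vulnerable ;;
        # mitigation active, but sibling hyperthreads are still exposed
        Mitigation*"SMT vulnerable"*)  echo smt-exposed ;;
        Mitigation*)                   echo mitigated ;;
        *)                             echo unknown ;;
    esac
}

# Print one row per status file: name, category, raw kernel text.
# Returns 0 if every entry is not-affected or mitigated, 1 otherwise,
# 2 if the directory does not exist (kernel too old to expose it).
# Usage: report_vulnerabilities [directory]
report_vulnerabilities() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=""
        # each file holds a single line; tolerate a missing trailing newline
        IFS= read -r line < "$f" || :
        state=$(classify_status "$line")
        printf '%-20s %-16s %s\n' "${f##*/}" "$state" "$line"
        case "$state" in
            not-affected|mitigated) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}
```

Calling report_vulnerabilities with no argument reads the live sysfs directory; a non-zero return makes it usable as a check in a monitoring or provisioning script.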