kyrios
Posts: 2055
Joined: Thu Sep 22, 2016 4:20 pm

Re: What to do about Intel, AMD and ARM security flaws?

Thu Jan 11, 2018 5:05 pm

  • Linux kernel has been patched twice already to mitigate these vulnerabilities. I guess it will be patched one more time before next sync (and as announced by the kernel maintainers, there will still be many
  • Firefox has been patched
  • Flash NPAPI & PPAPI have been patched
  • There is a patch for intel-microcode awaiting review
  • Webkit-gtk is patched already on unstable
  • ...
There is a close follow up... The most urgent actions have been taken already and some others are on-going. A fast reaction is important but rushing is never a good idea, especially since we saw that some Windows & Ubuntu machines failed to boot after the patch was applied.

ycrawler
Posts: 136
Joined: Thu Aug 10, 2017 8:23 pm

Re: What to do about Intel, AMD and ARM security flaws?

Thu Jan 11, 2018 6:51 pm

up2date solus, but no bios update available yet and I'm vulnerable to both spectre variants but not meltdown according to this linux script described here https://www.ghacks.net/2018/01/11/check ... erability/

6700 (non k) + asus z170i pro gaming

Lorien
Posts: 51
Joined: Wed May 03, 2017 2:05 am

Re: What to do about Intel, AMD and ARM security flaws?

Thu Jan 11, 2018 7:47 pm

As a Linux "rookie" I am wondering about this: "There is a patch for intel-microcode awaiting review"

Does this mean that when it's released for Solus, I don't need the bios/microcode update from my motherboard vendor anymore?

Is the Solus intel-microcode update overruling what microcode may be in my cpu/chipset?

I am waiting for updates from Asus: https://www.asus.com/News/V5urzYAT6myCC1o2

>>Update<<
Found my answer here: https://www.bleepingcomputer.com/news/s ... o-decades/

"Using microcode files, an operating system can fix known bugs in Intel CPU without having to perform a BIOS update on the computer."

I did not know that...
Last edited by Lorien on Thu Jan 11, 2018 11:00 pm, edited 2 times in total.

brent
Posts: 240
Joined: Tue Apr 11, 2017 2:31 am
Location: desert usa

Re: What to do about Intel, AMD and ARM security flaws?

Thu Jan 11, 2018 10:15 pm

Good thread and comments, posters and kyrios.
I took Danielson's mentioned Github script vulnerability test:

Spectre and Meltdown mitigation detection tool v0.27

Checking for vulnerabilities against live running kernel Linux 4.9.75-68.lts #1 SMP Sat Jan 6 01:30:07 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  UNKNOWN 
> STATUS:  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO 
* PTI enabled and active:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
Got lucky with a double NOT VULNERABLE, but see their cryptic disclaimer...
I read a while and this is what it does. It's an ingenious cross-platform virus that infects you via cpu--meaning EVERYTHING with a chip is vulnerable now, then hides in kernel memory, hangs out, steals stuff, phones home.
Since it reads all mapped memory... and evolves to execute malicious scripts to that aim... aren't there more efficient ways to spy/surveillance than this already? Your smart tv does a much better job as aggregator! Spectre/Meltdown's aims seem more industrial. Just spit-balling here...but it's in the wild for a reason I guess. Seems like it was built to steal. As far as banking and accounts it could wreck a passive home user's life.
But the gall it took to think outside the platform box and create something that can affect every CPU device/user on the planet is pretty sinister.
Unless it's been thought of before and I just don't read enough tech stuff...

ycrawler
Posts: 136
Joined: Thu Aug 10, 2017 8:23 pm

Re: What to do about Intel, AMD and ARM security flaws?

Thu Jan 11, 2018 11:31 pm

ubuntu just updated their microcode, guessing solus will follow suit
might do it manually as suggested by lorien
is the method on solus as described here ?
In modern Linux distributions this is typically done by copying the downloaded intel-ucode folder into the /lib/firmware folder and then running the echo 1 > /sys/devices/system/cpu/microcode/reload command.
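
Added example, not part of the post above or of the article it quotes: a sketch that wraps the quoted reload step in a before/after check, so a reload that loaded nothing is noticed. It works out which intel-ucode file the CPU would use (the files are named family-model-stepping in two-digit hex) and compares the microcode revision in /proc/cpuinfo around the reload. The function names are hypothetical and SAMPLE_CPUINFO is constructed sample data.

```shell
#!/bin/sh
# Constructed sample of /proc/cpuinfo fields (revision value is illustrative).
SAMPLE_CPUINFO='processor       : 0
cpu family      : 6
model           : 94
model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping        : 3
microcode       : 0xba'

# Print the value of the first "<key> : <value>" line of cpuinfo text on stdin.
cpuinfo_field() {
    awk -F: -v key="$1" '
        { k = $1; gsub(/[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+/, "", v); print v; exit }'
}

# Name of the intel-ucode file for the CPU described on stdin.
ucode_filename() {
    info=$(cat)
    fam=$(printf '%s\n' "$info" | cpuinfo_field "cpu family")
    mod=$(printf '%s\n' "$info" | cpuinfo_field "model")
    stp=$(printf '%s\n' "$info" | cpuinfo_field "stepping")
    printf '%02x-%02x-%02x\n' "$fam" "$mod" "$stp"
}

# Compare two revisions given as hex strings; a reload only counts if it went up.
reload_result() {
    if [ $(( $1 )) -lt $(( $2 )) ]; then echo updated; else echo unchanged; fi
}

# Live check (needs root); paths are the ones named in the quoted procedure.
live_reload() {
    fw="/lib/firmware/intel-ucode/$(ucode_filename < /proc/cpuinfo)"
    [ -f "$fw" ] || { echo "missing $fw: nothing to load for this CPU" >&2; return 1; }
    before=$(cpuinfo_field microcode < /proc/cpuinfo)
    echo 1 > /sys/devices/system/cpu/microcode/reload
    after=$(cpuinfo_field microcode < /proc/cpuinfo)
    echo "$before -> $after: $(reload_result "$before" "$after")"
}

if [ "${1:-}" = "--live" ]; then live_reload; fi
```

Run with `--live` as root to perform the reload; without arguments the script only defines the functions. An "unchanged" result means the running revision was already at least as new as the file in /lib/firmware.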

Lorien
Posts: 51
Joined: Wed May 03, 2017 2:05 am

Re: What to do about Intel, AMD and ARM security flaws?

Thu Jan 11, 2018 11:39 pm

"might do it manually as suggested by lorien"
I have never suggested that, I was looking for an answer to my question and found it in the article I linked. :)

Will wait for the Solus Friday update, I am fairly sure it will be included.
Last edited by Lorien on Thu Jan 11, 2018 11:44 pm, edited 1 time in total.

ycrawler
Posts: 136
Joined: Thu Aug 10, 2017 8:23 pm

Re: What to do about Intel, AMD and ARM security flaws?

Thu Jan 11, 2018 11:43 pm

ah, i read it as if you had done it, sorry
yeah might wait until tomorrow

sunnyflunk
Development Team
Posts: 2967
Joined: Sun Mar 13, 2016 11:35 pm

Re: What to do about Intel, AMD and ARM security flaws?

Fri Jan 12, 2018 12:02 am

What to do about Intel, AMD and ARM security flaws?
Continue to keep your system fully updated.


Lorien
Posts: 51
Joined: Wed May 03, 2017 2:05 am

Re: What to do about Intel, AMD and ARM security flaws?

Fri Jan 12, 2018 2:37 pm

Looks like there might be some issues with the microcode updates from Intel:

https://www.marketwatch.com/story/intel ... 2018-01-11

https://newsroom.intel.com/news/intel-s ... ot-issues/

Not sure if it applies to desktop users though...
