
Thread: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

  1. #11
    Join Date
    Jun 2008
    Location
    West Yorkshire, UK
    Posts
    3,448

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    https://github.com/speed47/spectre-meltdown-checker/ reports potential hardware vulnerabilities for my AMD system but mitigations of Spectre V1 and V2 and Meltdown sufficient to consider the system not vulnerable.

  2. #12

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Quote Originally Posted by john_hudson View Post
    https://github.com/speed47/spectre-meltdown-checker/ reports potential hardware vulnerabilities for my AMD system but mitigations of Spectre V1 and V2 and Meltdown sufficient to consider the system not vulnerable.
    There is a reason why a message was added to this tool informing that a false sense of security is worse than knowing a system is insecure. Today I tested this Spectre PoC on my *patched* Leap installation and the exploit worked.

  3. #13
    Join Date
    Sep 2012
    Posts
    5,011

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Quote Originally Posted by heyjoe View Post
    Today I tested this Spectre PoC on my *patched* Leap installation and the exploit worked.
    You seem to completely misunderstand the nature of Spectre. It cannot be fixed externally once and for all. Each piece of potential victim code must be changed to use a mitigation technique to avoid being exploited. So of course code that explicitly avoids mitigation will continue to be vulnerable. If your example contained a victim function that used one of the available mitigations, then it would be a real problem.

  4. #14
    Join Date
    Feb 2018
    Location
    Romania
    Posts
    398

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Maybe I am wrong, but what I understand about Spectre is that it is a hardware flaw, so it will never be completely patched by software.

  5. #15

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Quote Originally Posted by arvidjaar View Post
    You seem to completely misunderstand the nature of Spectre. It cannot be fixed externally once and for all. Each piece of potential victim code must be changed to use a mitigation technique to avoid being exploited. So of course code that explicitly avoids mitigation will continue to be vulnerable. If your example contained a victim function that used one of the available mitigations, then it would be a real problem.
    Just because I pointed out the same which you explain through a practical example doesn't mean I don't understand. There is no fix for Spectre through software, it needs new hardware. Perhaps a good analogy would be: All the mitigations are just like putting hosts in a blacklist one by one while having everything else whitelisted.

    Strangely there are still people who argue that it is safe to enable browser JavaScript just because their kernel and/or browser is patched.

  6. #16

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Quote Originally Posted by another_roadrunner View Post
    Maybe I am wrong, but what I understand about Spectre is that it is a hardware flaw, so it will never be completely patched by software.
    You are not wrong.

  7. #17
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,510

    Cool Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    For those folks who steer clear of Intel and NVIDIA products, an AMD system looks like this:
    Code:
     > uname -a
    Linux XXX 4.4.120-45-default #1 SMP Wed Mar 14 20:51:49 UTC 2018 (623211f) x86_64 x86_64 x86_64 GNU/Linux
     > 
     > find /sys/devices/system/cpu/vulnerabilities/ -type f -print -exec /usr/bin/cat '{}' \;
    /sys/devices/system/cpu/vulnerabilities/spectre_v1
    Mitigation: __user pointer sanitization
    /sys/devices/system/cpu/vulnerabilities/spectre_v2
    Mitigation: Full AMD retpoline - vulnerable module loaded
    /sys/devices/system/cpu/vulnerabilities/meltdown
    Not affected
     >
    Code:
     # journalctl --this-boot | grep -iE 'Spectre|Melt'
    Mär 24 13:02:05 XXX kernel: Spectre V2 : Mitigation: Full AMD retpoline
    Mär 24 13:02:05 XXX kernel: Spectre V2 : Filling RSB on context switch
    Mär 24 13:02:11 XXX kernel: Spectre V2 : System may be vulnerable to spectre v2
    Mär 24 13:02:11 XXX kernel: Spectre V2 : System may be vulnerable to spectre v2
    Mär 24 13:02:11 XXX kernel: Spectre V2 : System may be vulnerable to spectre v2
    Mär 24 13:02:11 XXX kernel: Spectre V2 : System may be vulnerable to spectre v2
     #
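
Added example, not part of the original post: a small shell check over the sysfs files shown in post #17 that flags the `- vulnerable module loaded` suffix, which a plain search for `Mitigation:` would count as fine. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the status strings found under
# /sys/devices/system/cpu/vulnerabilities/ (names below are hypothetical).

# classify_status STATUS -> prints ok, degraded, vulnerable or unknown
classify_status() {
    case "$1" in
        # mitigation is active, but a loaded module was built without it
        *"vulnerable module loaded"*) echo degraded ;;
        "Not affected"*)              echo ok ;;
        "Mitigation:"*)               echo ok ;;
        "Vulnerable"*)                echo vulnerable ;;
        *)                            echo unknown ;;
    esac
}

# audit_dir DIR -> prints "name<TAB>class<TAB>status" for each file;
# returns 1 if any entry is not "ok"
audit_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        class=$(classify_status "$status")
        printf '%s\t%s\t%s\n' "${f##*/}" "$class" "$status"
        [ "$class" = ok ] || rc=1
    done
    return $rc
}

# make_sample_dir -> constructed copy of the sysfs output quoted in post #17
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Mitigation: Full AMD retpoline - vulnerable module loaded\n' > "$d/spectre_v2"
    printf 'Not affected\n' > "$d/meltdown"
    echo "$d"
}

# Run against the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_dir /sys/devices/system/cpu/vulnerabilities || echo "review the non-ok entries above"
fi
```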

  8. #18
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,478
    Blog Entries
    3

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Quote Originally Posted by heyjoe View Post
    After running 'zypper up' which updated to kernel 4.4.120-45.1 and rebooting I get:

    Code:
    [~]: dmesg...
    [    1.717166] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  390.42  Sat Mar  3 04:10:22 PST 2018 (using threaded interrupts)
    [    1.719392] Spectre V2 : System may be vulnerable to spectre v2
    I saw that on one system. Since it was a VM used for testing, I didn't worry too much.

    I noticed that there were more updates. I applied them and rebooted. And I have not seen that message since.

    I think it was due to a bad update (probably an incomplete update). There were possibly two packages that needed updating together, and I managed to get in when only one of those was available.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  9. #19

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Quote Originally Posted by wilkerj View Post
    I applied the kernel update yesterday and also get the aforementioned Spectre V2 warnings on boot.

    Some data:

    uname -a
    Linux linux-3wjh.site 4.4.120-45-default #1 SMP Wed Mar 14 20:51:49 UTC 2018 (623211f) x86_64 x86_64 x86_64 GNU/Linux

    zypper se -s ucode
    Loading repository data...
    Reading installed packages...


    S | Name | Type | Version | Arch | Repository
    ---+------------------+------------+--------------------------------+--------+-----------------------
    | iucode-tool | package | 2.1.2-1.1 | x86_64 | Main Repository (OSS)
    i+ | ucode-amd | package | 20170530-17.1 | noarch | Main Update Repository
    v | ucode-amd | package | 20170530-14.1 | noarch | Main Update Repository
    v | ucode-amd | package | 20170530-11.1 | noarch | Main Update Repository
    v | ucode-amd | package | 20170530-9.1 | noarch | Main Repository (OSS)
    i | ucode-intel | package | 20180312-22.1 | x86_64 | Main Update Repository
    v | ucode-intel | package | 20180108.revertto20170707-19.1 | x86_64 | Main Update Repository
    v | ucode-intel | package | 20170707-10.1 | x86_64 | Main Update Repository
    v | ucode-intel | package | 20170511-8.1 | x86_64 | Main Repository (OSS)
    | ucode-intel | srcpackage | 20180312-22.1 | noarch | Main Update Repository
    | ucode-intel | srcpackage | 20180108.revertto20170707-19.1 | noarch | Main Update Repository
    | ucode-intel | srcpackage | 20170707-10.1 | noarch | Main Update Repository
    | ucode-intel-blob | package | 20180312-22.1 | x86_64 | Main Update Repository
    | ucode-intel-blob | package | 20180108.revertto20170707-19.1 | x86_64 | Main Update Repository
    | ucode-intel-blob | package | 20170707-10.1 | x86_64 | Main Update Repository
    | ucode-intel-blob | package | 20170511-8.1 | x86_64 | Main Repository (OSS)

    cat /sys/devices/system/cpu/vulnerabilities/*
    Mitigation: PTI
    Mitigation: __user pointer sanitization
    Mitigation: Full generic retpoline - vulnerable module loaded
    I wonder, do you know why / how you ended up with both ucode-amd and ucode-intel installed? I'm asking because I am having the same warning at boot and I also have ucode-amd installed even though I have an Intel, and I'm pretty sure I did not install it myself...

  10. #20

    Default Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Hi all,

    After getting the same warning, I checked what versions of ucode I had installed and found out that I had both ucode-amd and ucode-intel. I removed ucode-amd and rebooted, and the warning is not showing anymore.
    Maybe that will help some of you!

    In brief:
    Code:
    zypper se -s ucode
    zypper rm ucode-amd
    reboot
    Cheers
