On Mon, Jun 29, 2020 at 10:34 AM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
On 2020-06-29 07:33, Sreyan Chakravarty wrote:
>
> Hi,
>
> Well guys, its time to panic once again.
>
>
> I just found out my system is vulnerable to the new Crosstalk vulnerability by running the popular Meltdown OVH script.
>
> More about the vulnerability over here:
>
> https://www.vusec.net/projects/crosstalk/
>
> These exploits get worse each time, this one affects all cores.
>
>
> This is how I tested for the vulnerability.
>
> Downloaded spectre-meltdown-checker.sh via :
>
> wget https://meltdown.ovh -O spectre-meltdown-checker.sh
>
> and then just executed with sudo.
>
> This is the output I got:
>
> * SRBDS mitigation control is enabled and active: NO
> > STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability)
>
> CVE-2020-0543:KO
I get
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
* SRBDS mitigation control is enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
This was reported fixed in microcode_ctl-2.1-39.fc32 as shown in the links you've provided.
Do you have that package updated?
How do I update the microcode ?
As you can see DNF already tells me my microcode is already the latest version.
What else can I do ?
Regards,
Sreyan Chakravarty
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
