Nicholas Geovanis <nickgeova...@gmail.com> wrote:
> I've installed the patch for CVE-2017-5754 as well as the microcode update:

Well, Intel majorly fscked up their microcodes and strongly recommends reverting to an earlier BIOS/UEFI firmware (if possible) and also advised all vendors shipping microcode as a separate package (meaning VMware and all Linux vendors here) to revert to the version from November 2017, which so far all major Linux distributions have done. (Debian didn't even ship the update for Stable/Oldstable because the problems were already showing two weeks ago.)

So, right now, unless you have the latest bleeding edge kernel, compiled with a retpoline-aware pre-release GCC, you will be vulnerable to CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some time.

> # uname -a
> Linux ftp51 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)
> x86_64 GNU/Linux
> # dmesg | grep isolation
> [ 0.000000] Kernel/User page tables isolation: enabled
> And yet, the widely-recommended test script at
> https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

Did you run the script as root? Did you use the most recent version of it? It gets developed quite rapidly, maybe you got a version which was not correctly functioning at that moment, given that you download the script from the master branch instead of one of the tagged releases.

S°

--
Sigmentation fault. Core dumped.