Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds msbd

[Udaba]

Is there any way to fix this . with this command : cat /proc/cpuinfo
i got this : bugs: cpu_meltdown spectre_v1 spectre_v2 mds msbds_only

Any ideas what i should do?

[NFT5]

Read this, especially the DSA and CVE links.

Run the Meltdown checker tool if you really need to.

Take appropriate action, if necessary, as detailed in above. In my case the appropriate action was to go and have a cup of tea.

[theblueplll]

Is there any way to fix this . with this command : cat /proc/cpuinfo
i got this : bugs: cpu_meltdown spectre_v1 spectre_v2 mds msbds_only

Any ideas what i should do?

Stop using Intel cpu's is all that you can do if it worries you that much.

[cuckooflew]

With out more specific details on your hardware, verison of Debian, etc. no one can really say, but the link provided by NFT5 is a good place to start checking, it shows what versions have not been mitigated:
https://wiki.debian.org/DebianSecurity/SpectreMeltdown
Other CPU's could have vulnerabilities as well and no one has found them yet, or if they have , they have not told anyone, so in a nut shell just changing CPU does not guarantee better security,... Since Intel is used in so many machines, including most PC's used in financial institutions, a huge amount of effort has been put into mitgating this problem.
If you are not technically skilled enough and securty is essential, your best option is to get someone that is skilled and well informed, to help you make sure. I remember when all the scare about the "Meltdown" and Intel ,etc started, my grand father was working night and day, and went out of town for several weeks, but that is another topic.
If it is of any assurance, my PC and laptop both have Intel inside, and I don't worry about it, but then I had my grandfather to help take care of that.

[Udaba]

I have an Intel(R) Celeron(R) CPU N2840 @ 2.16GHz and i run Buster . i have no idea what i should do . the link ntf5 says buster is not vulnurable but it is.

[Head_on_a_Stick]

it is

Is not:

Code: Select all

grep -R . /sys/devices/system/cpu/vulnerabilities

But it's probably worth noting that Intel's rubbish processors will doubtless be vulnerable to other side-channel attacks thanks to their laughable SMT implementation. The kernel devs are in Intel's pocket and so won't disable hyperthreading by default (unlike the OpenBSD devs) so you should probably do that yourself by adding the nosmt kernel command line parameter.

EDIT: actually your processor doesn't seem to support hyperthreading but I'll leave that note here for others who are not so fortunate.

[theblueplll]

it is

Is not:

Code: Select all

grep -R . /sys/devices/system/cpu/vulnerabilities

But it's probably worth noting that Intel's rubbish processors will doubtless be vulnerable to other side-channel attacks thanks to their laughable SMT implementation. The kernel devs are in Intel's pocket and so won't disable hyperthreading by default (unlike the OpenBSD devs) so you should probably do that yourself by adding the nosmt kernel command line parameter.

EDIT: actually your processor doesn't seem to support hyperthreading but I'll leave that note here for others who are not so fortunate.

Was I seeing things or did you have a link in your post earlier?

I could swear I was reading more about this subject somewhere that you posted on the forums earlier.