Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds msbd

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
Udaba
Posts: 36
Joined: 2019-03-18 00:35

Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds msbd

#1 Post by Udaba »

Is there any way to fix this . with this command : cat /proc/cpuinfo
i got this : bugs: cpu_meltdown spectre_v1 spectre_v2 mds msbds_only

Any ideas what i should do?

User avatar
NFT5
Posts: 443
Joined: 2014-10-10 11:38
Location: Canberra, Australia
Has thanked: 2 times

Re: Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds

#2 Post by NFT5 »

Read this, especially the DSA and CVE links.

Run the Meltdown checker tool if you really need to.

Take appropriate action, if necessary, as detailed in above. In my case the appropriate action was to go and have a cup of tea.

theblueplll
Posts: 154
Joined: 2019-04-29 01:17

Re: Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds

#3 Post by theblueplll »

Udaba wrote:Is there any way to fix this . with this command : cat /proc/cpuinfo
i got this : bugs: cpu_meltdown spectre_v1 spectre_v2 mds msbds_only
Any ideas what i should do?
Stop using Intel cpu's is all that you can do if it worries you that much.

cuckooflew
Posts: 681
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds

#4 Post by cuckooflew »

With out more specific details on your hardware, verison of Debian, etc. no one can really say, but the link provided by NFT5 is a good place to start checking, it shows what versions have not been mitigated:
https://wiki.debian.org/DebianSecurity/SpectreMeltdown
Other CPU's could have vulnerabilities as well and no one has found them yet, or if they have , they have not told anyone, so in a nut shell just changing CPU does not guarantee better security,... Since Intel is used in so many machines, including most PC's used in financial institutions, a huge amount of effort has been put into mitgating this problem.
If you are not technically skilled enough and securty is essential, your best option is to get someone that is skilled and well informed, to help you make sure. I remember when all the scare about the "Meltdown" and Intel ,etc started, my grand father was working night and day, and went out of town for several weeks, but that is another topic.
If it is of any assurance, my PC and laptop both have Intel inside, and I don't worry about it, but then I had my grandfather to help take care of that.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

Udaba
Posts: 36
Joined: 2019-03-18 00:35

Re: Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds

#5 Post by Udaba »

I have an Intel(R) Celeron(R) CPU N2840 @ 2.16GHz and i run Buster . i have no idea what i should do . the link ntf5 says buster is not vulnurable but it is.

User avatar
Head_on_a_Stick
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds

#6 Post by Head_on_a_Stick »

Udaba wrote:it is
Is not:

Code: Select all

grep -R . /sys/devices/system/cpu/vulnerabilities
But it's probably worth noting that Intel's rubbish processors will doubtless be vulnerable to other side-channel attacks thanks to their laughable SMT implementation. The kernel devs are in Intel's pocket and so won't disable hyperthreading by default (unlike the OpenBSD devs) so you should probably do that yourself by adding the nosmt kernel command line parameter.

EDIT: actually your processor doesn't seem to support hyperthreading but I'll leave that note here for others who are not so fortunate.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

theblueplll
Posts: 154
Joined: 2019-04-29 01:17

Re: Im vulnurable to cpu_meltdown spectre_v1 spectre_v2 mds

#7 Post by theblueplll »

Head_on_a_Stick wrote:
Udaba wrote:it is
Is not:

Code: Select all

grep -R . /sys/devices/system/cpu/vulnerabilities
But it's probably worth noting that Intel's rubbish processors will doubtless be vulnerable to other side-channel attacks thanks to their laughable SMT implementation. The kernel devs are in Intel's pocket and so won't disable hyperthreading by default (unlike the OpenBSD devs) so you should probably do that yourself by adding the nosmt kernel command line parameter.

EDIT: actually your processor doesn't seem to support hyperthreading but I'll leave that note here for others who are not so fortunate.
Was I seeing things or did you have a link in your post earlier?

I could swear I was reading more about this subject somewhere that you posted on the forums earlier.

Post Reply