linux cpu漏洞,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼
下面是完整数据:
Spectre and Meltdown mitigation detection tool v0.42
Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:22:20 UTC 2019 x86_64
CPU is Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: YES
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Microarchitecture Data Sampling
* VERW instruction is available: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x25 family 0x6 stepping 0x5 ucode 0x7 cpuid 0x20655)
* CPU microcode is the latest known available version: YES (latest version is 0x7 dated 2018/04/23 according to builtin MCExtractor DB v111 - 2019/05/18)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
* Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
* Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
* Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
* Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (firefox ModemManager systemd-journald systemd-logind systemd-resolved systemd-timesyncd systemd-udevd tor)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
linux cpu漏洞,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...相关推荐
- cpu漏洞linux修复,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 下面是完整数据: Spectre and Meltdown mitigation detection tool v0.42 Checking for vu ...
- linux有没有处理器漏洞,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 下面是完整数据: Spectre and Meltdown mitigation detection tool v0.42 Checking for vu ...
- linux改开机图片,修改linux开机启动图像
Linux字符界面切换到图形界面 由字符界面切换到图形界面可用两种简单方法实现: 1.在字符界面 LINUX 启动logo 总结 最近在imx6上需要调试linux下启动logo.其实linux启动l ...
- java web 上传图片漏洞_Web安全:文件上传漏洞
原标题:Web安全:文件上传漏洞 一般将文件上传归类为直接文件上传与间接文件上传.直接文件上传就是服务器根本没有做任何安全过滤,导致攻击者可以直接上传小马文件及大马文件(如ASP.ASPX.PHP.J ...
- 最新系统漏洞--Victor CMS任意文件上传漏洞
最新系统漏洞2021年11月25日 受影响系统: Victor CMS Victor CMS 1.0 描述: Victor CMS是尼日利亚Victor Alagwu软件开发者的一套开源的内容管理系统 ...
- linux带宽最小的远程桌面,【图片】linux下哪种远程桌面服务最快?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 I stumbled upon this while researching xrdp, which is the only one you mentio ...
- linux 桌面远程加速,【图片】linux下哪种远程桌面服务最快?_linux吧_百度贴吧
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 I stumbled upon this while researching xrdp, which is the only one you mentio ...
- c语言课程设计贴吧,【图片】发几个C语言课程设计源代码(恭喜自己当上技术小吧主)【东华理工大学吧】_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 /*************************************************查询函数*********************** ...
- c语言仪器仪表课程设计,【图片】发几个C语言课程设计源代码(恭喜自己当上技术小吧主)【东华理工大学吧】_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 /*************************************************查询函数*********************** ...
最新文章
- java自定义上下文对象_Java框架_Spring应用上下文对象加载配置
- 国内外有哪些不错的需求管理工具?如何选择?
- R语言包_knitr
- C#中数组、ArrayList和List三者的区别
- linux的read命令
- SQLServer-sysobjects-type
- 水题Kattis Temperature Confusion小学数学
- boost::spirit模块实现将由某个分隔符分隔的任意键/值对解析为 std::map的测试程序
- Python之上下文管理协议
- hp服务器硬盘ultra320,HP服务器上安装和管理HP 磁盘柜MSA500G.pdf
- ol xyz 加载天地图_OpenLayers加载天地图方法——WMTS和XYZ
- RH413-Linux系统下的SUID文件权限测试
- 即时通信(二)--- 腾讯云IM接入具体实现
- 集赞生成器:朋友圈集赞不求人
- Thinkpad E430c 16GB内存安装成功
- Pytorch加载.pth文件
- 古城钟楼微博地支报时程序铛,100行代码实现,价值一天20万粉丝
- 惠州 菜鸟机器人_京东PK阿里谁怕谁?菜鸟称:智能机器人仓库已在广东惠阳投入使用...
- 下载B(bilibili)站视频
- 《数组》包括一维数组二维数组的创建和初始化,在内存中的存储和使用方法,数组越界和作为函数参数的情况
热门文章
- NAR:UNITE真菌鉴定ITS数据库——处理未分类和并行分类
- 宏基因组合种树第292期—侧柏、樟子松,为祖国绿化做贡献
- 植物微生物组专题:研究方法、当前热点及未来方向
- pandas对dataframe的数据列进行随机抽样(Random Sample of Columns)、使用sample函数进行数据列随机抽样
- R语言层次聚类(hierarchical clustering):特征缩放、抽取hclust中的聚类簇(cutree函数从hclust对象中提取每个聚类簇的成员)、基于主成分分析的进行聚类结果可视化
- Coefficients: (1 not defined because of singularities)
- R语言常用线性模型特征筛选(feature selection)技术实战:基于前列腺特异性抗原(PSA)数据
- RStudio配置R程序包的默认下载源
- R可视化雷达图(Radar Charts)
- C语言实现九九乘法表共9行9列,重点考察for循环的掌握情况!