linux 2.6 cpu漏洞,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼
下面是完整数据:
Spectre and Meltdown mitigation detection tool v0.42
Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:22:20 UTC 2019 x86_64
CPU is Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: YES
* CPU indicates L1D flush capability: YES (L1D flush feature bit)
* Microarchitecture Data Sampling
* VERW instruction is available: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x25 family 0x6 stepping 0x5 ucode 0x7 cpuid 0x20655)
* CPU microcode is the latest known available version: YES (latest version is 0x7 dated 2018/04/23 according to builtin MCExtractor DB v111 - 2019/05/18)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
* Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
* Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
* Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
* Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, performance impact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: YES (firefox ModemManager systemd-journald systemd-logind systemd-resolved systemd-timesyncd systemd-udevd tor)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: YES
> STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
* This system is a host running a hypervisor: NO
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
* L1D flush enabled: YES (conditional flushes)
* Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
* Hyper-Threading (SMT) is enabled: YES
> STATUS: NOT VULNERABLE (this system is not running a hypervisor)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
linux 2.6 cpu漏洞,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...相关推荐
- linux cpu漏洞,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 下面是完整数据: Spectre and Meltdown mitigation detection tool v0.42 Checking for vu ...
- cpu漏洞linux修复,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 下面是完整数据: Spectre and Meltdown mitigation detection tool v0.42 Checking for vu ...
- linux有没有处理器漏洞,【图片】为什么linux mint上cpu漏洞直到现在也没完全修复?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 下面是完整数据: Spectre and Meltdown mitigation detection tool v0.42 Checking for vu ...
- java web 上传图片漏洞_Web安全:文件上传漏洞
原标题:Web安全:文件上传漏洞 一般将文件上传归类为直接文件上传与间接文件上传.直接文件上传就是服务器根本没有做任何安全过滤,导致攻击者可以直接上传小马文件及大马文件(如ASP.ASPX.PHP.J ...
- 最新系统漏洞--Victor CMS任意文件上传漏洞
最新系统漏洞2021年11月25日 受影响系统: Victor CMS Victor CMS 1.0 描述: Victor CMS是尼日利亚Victor Alagwu软件开发者的一套开源的内容管理系统 ...
- linux环境用opencv读取图片,基于Linux下OpenCV的人脸识别模块设计
金笑雪 张琳琳 高丹 张黎 摘 要: 近年来,图像识别技术正在向更加直观.可靠的方向发展,其中人脸识别技术具有极高的研究价值,应用得也最为广泛.通过对Linux系统下OpenCV的研究,利用OpenC ...
- linux带宽最小的远程桌面,【图片】linux下哪种远程桌面服务最快?_linux吧_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 I stumbled upon this while researching xrdp, which is the only one you mentio ...
- linux 桌面远程加速,【图片】linux下哪种远程桌面服务最快?_linux吧_百度贴吧
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 I stumbled upon this while researching xrdp, which is the only one you mentio ...
- c语言新建一个单向链表菜鸟,【图片】菜鸟的进击——玩转C语言链表【c程序设计吧】_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 链表是我们学习C语言避不开的问题,就让我们一起飞过去看看吧: 1 定义链表 链表是C语言编程中常用的数据结构,比如我们要建一个整数链表,一般可能这么定义: ...
- 考研规划计算机科学与技术,【图片】2020考研,老学长教你如何规划!【计算机考研吧】_百度贴吧...
该楼层疑似违规已被系统折叠 隐藏此楼查看此楼 二.关键一步--院校选择 我把各位同学的院校选择阶段分为以上几个阶段,因为考研这一年中,很多人的目标院校并不是固定不变的,而是随着不同阶段而改变的.学长我 ...
最新文章
- 如何入门生信Linux
- windows10 Selenium Chrome 驱动安装
- 微信小程序开发系列一:微信小程序的申请和开发环境的搭建
- linux获取命令的返回值,怎样获取shell函数的返回值及shell命令的返回值?
- Beta阶段事后分析
- 自考计算机应用技术实践考核,自考《计算机应用技术》实践环节指导
- ACM入门之【高精度】
- 网易严选Java开发三面面经:java技术编程培训班
- R语言学习2-RMarkdown入门使用
- 【Elasticsearch】elasticsearch 索引 详解 index
- sql查询去除视图重复项_如何使用SQL查询视图,Postico使用技巧分享
- [译] JavaScript 的函数式编程是一种反模式
- OpenGL秒安装及显示
- LabView学习笔记(九):数组与簇
- 事务和锁机制是什么关系
- 手机数控模拟器安卓版_数控模拟器手机版下载-数控模拟器安卓手机版v1.1.4-河东软件园...
- Win系统 - 尚未安装,.NET Framework 4,原因是:HRESULT 0x80240037
- AutoCAD2013 以上利用AccoreConsole+ c# NetApi 批量处理图纸
- 常用统计算法JAVA实现 - 峰度(07)
- 普莱得电器递交注册:上半年营收3.7亿 拟募资5.6亿
热门文章
- android移动应用基础教程!手把手教你写Android项目文档,面试必问
- 发过Nature文章的大咖一周内教您学会挖掘单细胞测序公共数据库来发表文章 1月25-29日...
- 最近又重温了一下像素的刀剑,整理了一下宝石炼造系统
- 公式整理(持续更新,至数学期望)_2021秋季《概率论与数理统计》
- 从零开始搭建个人网站:(一)域名,云服务器,空间的购买
- Google I/O 2022 新鲜出炉,打开你技术的想象空间
- 百度开发者大会全国巡讲开始、Scrum Gathering蓄势待发
- Tensorflow的动态图(Eager)介绍(官网原文译文)
- PHP_MySQL之间的连接步骤(简称六脉神剑)
- java-php-python-ssm旅游网站设计计算机毕业设计