Hi, On Wed, Mar 23, 2022 at 2:33 PM Georgi Naplatanov <go...@oles.biz> wrote: > > On 3/23/22 18:35, piorunz wrote: > > On 23/03/2022 15:41, Leandro Cunha wrote: > > > >> Please, take into consideration what is in the link and you can > >> consult through > >> it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715 > > > > Leandro, > > I've been on this website before I posted with spectre-meltdown-checker > > results. I have vulnerable status just like author of this topic. I am > > on intel-microcode 3.20210608.2, and by the look of it, this bug > > supposed to be fixed in: > > > > "intel-microcode: Some microcode updates to partially adress > > CVE-2017-5715 included in 3.20171215.1 > > Further updates in 3.20180312.1" > > > > So my version of microcode is 3-4 years newer than that. > > > > Is it microcode problem, or spectre-meltdown-checker displaying wrong > > information, or something else entirely? > > > > I want to mention that on the same computer with kernel Debian 5.10.92-2 > > spectre-meltdown-checker > > reports that the system is not vulnerable to CVE-2017-5715 > > Kind regards > Georgi >
This script is reporting an already patched CVE as vulnerable. Just rule that out and see the link below for more information on DSA and DLA. I hope it helped with that. CVE-2017-5715: https://security-tracker.debian.org/tracker/CVE-2017-5715 -- Cheers, Leandro Cunha Software Engineer and Debian Contributor