** Changed in: linux (Ubuntu)
   Importance: Critical => High

** Changed in: linux (Ubuntu Artful)
   Importance: Critical => High

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

Status in linux package in Ubuntu:
Status in linux source package in Artful:

Bug description:

  I'm testing script:

  :~/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh
  [sudo] password for caravena: 
  Spectre and Meltdown mitigation detection tool v0.31

  Checking for vulnerabilities against running kernel Linux 4.13.0-30-generic 
#33-Ubuntu SMP Mon Jan 15 19:45:48 UTC 2018 x86_64
  CPU is Intel(R) Core(TM) i3-2377M CPU @ 1.50GHz

  CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
  * Checking count of LFENCE opcodes in kernel:  YES 
  > STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to 
be improved when official patches become available)

  CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
  * Mitigation 1
  *   Hardware (CPU microcode) support for mitigation
  *     The SPEC_CTRL MSR is available:  NO 
  *     The SPEC_CTRL CPUID feature bit is set:  NO 
  *   Kernel support for IBRS:  YES 
  *   IBRS enabled for Kernel space:  NO 
  *   IBRS enabled for User space:  NO 
  * Mitigation 2
  *   Kernel compiled with retpoline option:  NO 
  *   Kernel compiled with a retpoline-aware compiler:  NO 
  > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with 
retpoline are needed to mitigate the vulnerability)

  CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
  * Kernel supports Page Table Isolation (PTI):  YES 
  * PTI enabled and active:  YES 
  * Checking if we're running under Xen PV (64 bits):  NO 
  > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

  A false sense of security is worse than no security at all, see


  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.13.0-30-generic 4.13.0-30.33
  ProcVersionSignature: Ubuntu 4.13.0-30.33-generic 4.13.13
  Uname: Linux 4.13.0-30-generic x86_64
  ApportVersion: 2.20.8-0ubuntu6
  Architecture: amd64
   /dev/snd/controlC0:  caravena   1689 F.... pulseaudio
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Jan 17 13:18:45 2018
  InstallationDate: Installed on 2017-10-13 (96 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170926)
  MachineType: SAMSUNG ELECTRONICS CO., LTD. 530U3C/530U4C
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-4.13.0-30-generic 
root=UUID=707d0f89-4b1d-4432-9d50-6058dc4c1ee9 ro rootflags=subvol=@ quiet 
splash vt.handoff=7
   linux-restricted-modules-4.13.0-30-generic N/A
   linux-backports-modules-4.13.0-30-generic  N/A
   linux-firmware                             1.170
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/15/2013
  dmi.bios.vendor: Phoenix Technologies Ltd.
  dmi.bios.version: P14AAJ
  dmi.board.asset.tag: Base Board Asset Tag
  dmi.board.name: SAMSUNG_NP1234567890
  dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD.
  dmi.board.version: FAB1
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 9
  dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD.
  dmi.chassis.version: 0.1
  dmi.product.family: ChiefRiver System
  dmi.product.name: 530U3C/530U4C
  dmi.product.version: 0.1
  dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to