Bug#982645: CVE-2018-3640 on N3160

2021-02-12 Thread Henrique de Moraes Holschuh
On Fri, Feb 12, 2021, at 17:15, Kurt Roeckx wrote:
> Package: intel-microcode
> Version: 3.20201118.1~deb10u1

...

> spectre-meltdown-checker reports:
> CVE-2018-3640 aka 'Variant 3a, rogue system register read'
> * CPU microcode mitigates the vulnerability:  NO
> > STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

...

> [2.012058] microcode: sig=0x406c4, pf=0x1, revision=0x411

This is the latest public release of microcode for this processor, and none 
newer has been observed in the field.

> Can you clarify if a microcode update is missing, just not available
> or that spectre-meltdown-checker is wrong?

That's the latest update.

I don't know if that Celeron N is vulnerable to Spectre 3a. You'd need to try 
an exploit to know for sure; the Intel microcode guide is not that detailed.

Rev. 0x410 and later are supposed to mitigate Meltdown as much as possible for 
that processor, according to the public information released by Intel at the 
time.

-- 
  Henrique de Moraes Holschuh 



Bug#982645: CVE-2018-3640 on N3160

2021-02-12 Thread Kurt Roeckx
Package: intel-microcode
Version: 3.20201118.1~deb10u1

Hi,

spectre-meltdown-checker reports:
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

/proc/cpuinfo says:
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 76
model name  : Intel(R) Celeron(R) CPU  N3160  @ 1.60GHz
stepping: 4
microcode   : 0x411
cpu MHz : 700.500
cache size  : 1024 KB
physical id : 0
siblings: 4
core id : 0
cpu cores   : 4
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 11

dmesg reports:
[0.00] microcode: microcode updated early to revision 0x411, date = 2019-04-23
[...]
[2.012058] microcode: sig=0x406c4, pf=0x1, revision=0x411

Can you clarify if a microcode update is missing, just not available
or that spectre-meltdown-checker is wrong?


Kurt
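
The cross-check implied by the two messages above, as an added example that is not part of either message and is not code from intel-microcode or spectre-meltdown-checker: it rebuilds the CPUID signature from the /proc/cpuinfo family/model/stepping fields, compares it with the `sig=` value in the dmesg line, and compares the running revision with the 0x410 floor named in the reply. The function names are hypothetical and the sample input is constructed from the values quoted in this thread.

```python
import re

# Constructed sample input, using only the values quoted in this thread.
CPUINFO = """\
cpu family  : 6
model   : 76
stepping: 4
microcode   : 0x411
"""
DMESG = "[2.012058] microcode: sig=0x406c4, pf=0x1, revision=0x411"

def parse_cpuinfo(text):
    """Return the 'key : value' fields of one /proc/cpuinfo processor block."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def cpuid_signature(family, model, stepping):
    """Encode display family/model/stepping as the CPUID leaf 1 EAX signature."""
    ext_family = family - 0xF if family >= 0xF else 0
    base_family = min(family, 0xF)
    # The extended model bits are only defined for base family 6 and 15.
    ext_model = model >> 4 if base_family in (0x6, 0xF) else 0
    return ((ext_family << 20) | (ext_model << 16) | (base_family << 8)
            | ((model & 0xF) << 4) | (stepping & 0xF))

def cross_check(cpuinfo_text, dmesg_line, min_revision):
    """Compare cpuinfo against the kernel's microcode log line and a revision floor."""
    f = parse_cpuinfo(cpuinfo_text)
    sig = cpuid_signature(int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
    m = re.search(r"sig=(0x[0-9a-f]+), pf=0x[0-9a-f]+, revision=(0x[0-9a-f]+)", dmesg_line)
    if m is None:
        raise ValueError("no 'microcode: sig=...' line found")
    loaded_sig, loaded_rev = (int(x, 16) for x in m.groups())
    running = int(f["microcode"], 16)
    return {
        "signature": hex(sig),
        "signature_matches_dmesg": sig == loaded_sig,
        "revision_matches_dmesg": running == loaded_rev,
        "meets_min_revision": running >= min_revision,
    }

if __name__ == "__main__":
    print(cross_check(CPUINFO, DMESG, 0x410))  # 0x410: floor named in the reply
```

A passing result only shows that the loaded revision is the one discussed in the thread; it does not settle whether that revision mitigates Variant 3a, which the reply leaves open.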