[Kernel-packages] [Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities
[Expired for linux-aws (Ubuntu) because there has been no activity for 60 days.] ** Changed in: linux-aws (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-aws in Ubuntu. https://bugs.launchpad.net/bugs/1949186 Title: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities Status in linux-aws package in Ubuntu: Expired Bug description: The Greenbone Security Assistant reporting me the following: Summary The remote host is missing one or more known mitigation(s) on Linux Kernel side for the referenced 'SSB - Speculative Store Bypass' hardware vulnerabilities. Detection Result The Linux Kernel on the remote host is missing the mitigation for the "spec_store_bypass" hardware vulnerabilities as reported by the sysfs interface: sysfs file checked| Kernel status (SSH response) /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | Vulnerable Notes on the "Kernel status / SSH response" column: - sysfs file missing: The sysfs interface is available but the sysfs file for this specific vulnerability is missing. This means the kernel doesn't know this vulnerability yet and is not providing any mitigation which means the target system is vulnerable. - Strings including "Mitigation:", "Not affected" or "Vulnerable" are reported directly by the Linux Kernel. - All other strings are responses to various SSH commands. Product Detection Result Product cpe:/a:linux:kernel Method Detection of Linux Kernel mitigation status for hardware vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.108765) Log View details of product detection Detection Method Checks previous gathered information on the mitigation status reported by the Linux Kernel. Details: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' ... OID: 1.3.6.1.4.1.25623.1.0.108842 Version used: 2021-07-07T02:00:46Z To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1949186/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities
** Changed in: linux-aws (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-aws in Ubuntu. https://bugs.launchpad.net/bugs/1949186 Title: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities Status in linux-aws package in Ubuntu: Incomplete Bug description: The Greenbone Security Assistant reporting me the following: Summary The remote host is missing one or more known mitigation(s) on Linux Kernel side for the referenced 'SSB - Speculative Store Bypass' hardware vulnerabilities. Detection Result The Linux Kernel on the remote host is missing the mitigation for the "spec_store_bypass" hardware vulnerabilities as reported by the sysfs interface: sysfs file checked| Kernel status (SSH response) /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | Vulnerable Notes on the "Kernel status / SSH response" column: - sysfs file missing: The sysfs interface is available but the sysfs file for this specific vulnerability is missing. This means the kernel doesn't know this vulnerability yet and is not providing any mitigation which means the target system is vulnerable. - Strings including "Mitigation:", "Not affected" or "Vulnerable" are reported directly by the Linux Kernel. - All other strings are responses to various SSH commands. Product Detection Result Product cpe:/a:linux:kernel Method Detection of Linux Kernel mitigation status for hardware vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.108765) Log View details of product detection Detection Method Checks previous gathered information on the mitigation status reported by the Linux Kernel. Details: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' ... OID: 1.3.6.1.4.1.25623.1.0.108842 Version used: 2021-07-07T02:00:46Z To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1949186/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities
Hi Ammar, apologies for the delayed followup, what is the version of the kernel that you are seeing this with? I.E. what is the output of running the command 'cat /proc/version_signature' where this is showing up? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-aws in Ubuntu. https://bugs.launchpad.net/bugs/1949186 Title: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities Status in linux-aws package in Ubuntu: New Bug description: The Greenbone Security Assistant reporting me the following: Summary The remote host is missing one or more known mitigation(s) on Linux Kernel side for the referenced 'SSB - Speculative Store Bypass' hardware vulnerabilities. Detection Result The Linux Kernel on the remote host is missing the mitigation for the "spec_store_bypass" hardware vulnerabilities as reported by the sysfs interface: sysfs file checked| Kernel status (SSH response) /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | Vulnerable Notes on the "Kernel status / SSH response" column: - sysfs file missing: The sysfs interface is available but the sysfs file for this specific vulnerability is missing. This means the kernel doesn't know this vulnerability yet and is not providing any mitigation which means the target system is vulnerable. - Strings including "Mitigation:", "Not affected" or "Vulnerable" are reported directly by the Linux Kernel. - All other strings are responses to various SSH commands. Product Detection Result Product cpe:/a:linux:kernel Method Detection of Linux Kernel mitigation status for hardware vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.108765) Log View details of product detection Detection Method Checks previous gathered information on the mitigation status reported by the Linux Kernel. Details: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' ... OID: 1.3.6.1.4.1.25623.1.0.108842 Version used: 2021-07-07T02:00:46Z To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1949186/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-aws in Ubuntu. https://bugs.launchpad.net/bugs/1949186 Title: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities Status in linux-aws package in Ubuntu: New Bug description: The Greenbone Security Assistant reporting me the following: Summary The remote host is missing one or more known mitigation(s) on Linux Kernel side for the referenced 'SSB - Speculative Store Bypass' hardware vulnerabilities. Detection Result The Linux Kernel on the remote host is missing the mitigation for the "spec_store_bypass" hardware vulnerabilities as reported by the sysfs interface: sysfs file checked| Kernel status (SSH response) /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | Vulnerable Notes on the "Kernel status / SSH response" column: - sysfs file missing: The sysfs interface is available but the sysfs file for this specific vulnerability is missing. This means the kernel doesn't know this vulnerability yet and is not providing any mitigation which means the target system is vulnerable. - Strings including "Mitigation:", "Not affected" or "Vulnerable" are reported directly by the Linux Kernel. - All other strings are responses to various SSH commands. Product Detection Result Product cpe:/a:linux:kernel Method Detection of Linux Kernel mitigation status for hardware vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.108765) Log View details of product detection Detection Method Checks previous gathered information on the mitigation status reported by the Linux Kernel. Details: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' ... OID: 1.3.6.1.4.1.25623.1.0.108842 Version used: 2021-07-07T02:00:46Z To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1949186/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
