[Bug 1949186] [NEW] Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities

Launchpad Bug Tracker Fri, 18 Feb 2022 05:08:54 -0800

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):


The Greenbone Security Assistant reporting me the following:
Summary
The remote host is missing one or more known mitigation(s) on Linux Kernel
  side for the referenced 'SSB - Speculative Store Bypass' hardware 
vulnerabilities.
Detection Result

The Linux Kernel on the remote host is missing the mitigation for the
"spec_store_bypass" hardware vulnerabilities as reported by the sysfs
interface:

sysfs file checked                                        | Kernel status (SSH 
response)
----------------------------------------------------------------------------------------
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass | Vulnerable

Notes on the "Kernel status / SSH response" column:
- sysfs file missing: The sysfs interface is available but the sysfs file for 
this specific vulnerability is missing. This means the kernel doesn't know this 
vulnerability yet and is not providing any mitigation which means the target 
system is vulnerable.
- Strings including "Mitigation:", "Not affected" or "Vulnerable" are reported 
directly by the Linux Kernel.
- All other strings are responses to various SSH commands.

Product Detection Result
Product
        
cpe:/a:linux:kernel
Method
        
Detection of Linux Kernel mitigation status for hardware vulnerabilities (OID: 
1.3.6.1.4.1.25623.1.0.108765)
Log
        
View details of product detection
Detection Method
Checks previous gathered information on the mitigation status reported
  by the Linux Kernel.
Details:
        
Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' ...
OID: 1.3.6.1.4.1.25623.1.0.108842

Version used: 2021-07-07T02:00:46Z

** Affects: linux-aws (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware 
vulnerabilities
https://bugs.launchpad.net/bugs/1949186
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1949186] [NEW] Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities

Reply via email to