Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
Hi All,
Another vulnerability has been found, related to Meltdown/Spectre-style issues, which will require a kernel upgrade.
Currently Red Hat has released a bug fix at: https://access.redhat.com/security/vuln ... 000RUZoAAO&
The latest kernel for CentOS 7 was 3.10.0-862.2.3.el7.x86_64, which is not fixed for variant 4.
May I know when this variant can be fixed?
Reference: https://bugs.chromium.org/p/project-zer ... il?id=1528
Thanks
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
Yes, the new kernel is being built. Kernel rpms take a bit longer to build than the other packages, but the updated kernel will be released in due course. We can't start building the new kernel (or any other package for that matter) until Red Hat has released theirs.
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
Any update as to when a new kernel with this fix will be available?
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
About a month ago...
Build Date : Tue 22 May 2018 01:39:11 BST
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
But it doesn't solve the issue because the microcode is not in the repo, I think.
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: NO (Vulnerable)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
Kernel packages don't carry any microcode. Perhaps you should install the latest BIOS from your hardware vendor? The BIOS updates typically contain microcode updates as well.
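The post and reply above turn on two separate things: whether the kernel knows about speculative store bypass, and whether the CPU (through microcode or BIOS) exposes SSBD. As an added example, not part of the thread, this script reads the standard Linux sysfs entry, the `/proc/self/status` line and the cpuinfo flags; the state names it prints and the overridable path variables are this example's own.

```bash
#!/bin/bash
# Added example (not from the thread): separate "kernel knows about SSB"
# from "CPU/microcode offers SSBD" for CVE-2018-3639.
# Paths are overridable so the logic can be run against saved copies.
SSB_SYSFS=${SSB_SYSFS:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}
PROC_STATUS=${PROC_STATUS:-/proc/self/status}
CPUINFO=${CPUINFO:-/proc/cpuinfo}

# Kernel side: a patched kernel exposes the sysfs entry and a per-task
# Speculation_Store_Bypass line in /proc/<pid>/status.
kernel_knows_ssb() {
    [ -r "$SSB_SYSFS" ] && return 0
    grep -q '^Speculation_Store_Bypass:' "$PROC_STATUS" 2>/dev/null
}

# CPU side: SSBD shows up as a cpuinfo flag only once microcode/BIOS
# (or the hypervisor) provides it.
cpu_has_ssbd() {
    grep -m1 '^flags' "$CPUINFO" 2>/dev/null |
        grep -Eqw 'ssbd|amd_ssbd|virt_ssbd'
}

# Prints one of: kernel-unaware, not-affected, mitigated, no-ssbd,
# mitigation-off, unknown (these labels are this example's own).
ssb_state() {
    local s=""
    if ! kernel_knows_ssb; then echo kernel-unaware; return 0; fi
    if [ -r "$SSB_SYSFS" ]; then read -r s < "$SSB_SYSFS" || true; fi
    case "$s" in
        "Not affected")  echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)
            # Kernel is patched; the remaining question is the CPU.
            if cpu_has_ssbd; then echo mitigation-off; else echo no-ssbd; fi ;;
        *)               echo unknown ;;
    esac
}

ssb_state
```

A result of `no-ssbd` corresponds to the situation in the checker output above: the kernel is aware of the issue, but the CPU exposes no SSBD flag, so a kernel update alone does not change the status.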
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
Or just update the microcode_ctl package to the latest which now has the latest from Intel (well, 201804xx anyway).
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
I'm using microcode_ctl-2.1-29.2.el7_5.x86_64, is there a newer one?
I'm using BIOS 2.6.1 (latest) for Dell R620.
Re: Speculative execution, variant 4 : speculative store bypass - CVE-2018-3639
That is the latest microcode_ctl for el7 and it appears to be the latest BIOS for an R620. No idea if Intel have newer microcode than the RH package, perhaps worth a look. Everything I see at the moment still says that Intel have released "beta" microcode packages to their hardware partners and you can expect those to show up in production BIOSes sometime, maybe soon.