meltdown and spectra?

[overthere]

Shortly after release of 7.2 there was a kernel update for security, now meltdown and spectra require a patch? and affects all chips to my general understanding.

Question..was the kernel update built to the available 7.2 iso and also is there any news on the meltdown/spectra patch.

wondering if I will have to update kernel prior to patch as installing back to my laptop after some upgrades.

thanks

[nightflier]

A new kernel with these patches is available. You need to use the "untested" repository.

http://forum.vectorlinux.com/index.php?topic=19139.msg106524#msg106524

[overthere]

currently have VL-std 7.2 installed to an acer aspire netbook.

It boots fine with the default .76 and also the .89

when booting .14 the screen distorts and nothing is readable, the desktop is not usable

if I "e" at grub and change vga=788 to something else and f10 it stops boot and gives choice to view options or continue..if I continue the system boots to desktop as expected and appears to function normally..also couple of acpi errors list at boot before screen distorts and after continue..added no apci and no apic during grub edit but no change..not sure how to edit grub effectively.

not that a lot of folks will use this hardware but do not have my laptop put back together yet,,had to tear down to clean intake

adding...the  best case on this hardware seems to be hit "e" at grub use the arrow keys to locate and remove vga=788 and hit f10. ignore the two acpi errors and sign in as usual.

[overthere]

As the old lappy booted ok, thought I would try running the spectre-meltdown-checker from github

perhaps 32 bit remains vulnerable? anyone checked on 64 bit? or is the script from github a false sense of security. or in my case a indication to visit the recycle depot..lol

Code: [Select]

someone:$ su
Password:
You are working as root

root:# ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.32

Checking for vulnerabilities against running kernel Linux 4.14.14 #1 SMP Thu Jan 18 14:37:24 CST 2018 i686
CPU is  Intel(R) Atom(TM) CPU N270   @ 1.60GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
vector://home/someone/Downloads/spectre-meltdown-checker-master
root:#

[retired1af]

That script isn't really accurate. Author admits it may or  may not be valid.

Something we should also look at is updating the Intel microcode if it's possible.

[overthere]

updating the browser(s) would also be part of addressing the issue.

[M0E-lnx]

The 4.14 kernel is being built as they roll them out (it is also the next LTS, so it makes sense to switch to that).

About the meltdown/spectre bugs... bare in mind that there are no fixes for this stuff... what they're doing is adding mitigation patches.  The mitigation patches are being retroactively backported from what I understand.  I dont expect much of a focus on fixing 32bit, just because everyone is phasing 32-bit out.

Any input or test results from running that 4.14 kernel would be really helpful so we can shift focus on VL for that version.