> STATUS: VULNERABLE (heuristic to be improved when official patches become available)ĬVE-2017-5715 aka 'Spectre Variant 2' * Checking count of LFENCE opcodes in kernel: NO (only 31 opcodes found, should be >= 70) Using the Spectre & Meltdown Checker after switching to the 4.9.0-5 kernel version following Pasqualini answer because a security update is available to mitigate the cve-2017-5754 on debian Stretch: CVE-2017-5753 aka 'Spectre Variant 1' How to mitigate the Spectre and Meldown vulnerabilities on Linux systems?įurther reading: Using Meltdown to steal passwords in real time. Model name : Intel(R) Core(TM) i3-3217U CPU 1.80GHz
My system seem to be affected by the spectre vulnerability. These updates will be announced in future Ubuntu Security Notices once they are available.Īs a proof-of-concept, JavaScript code was written that, when run in the Google Chrome browser, allows JavaScript to read private memory from the process in which it runs. To address the issue, updates to the Ubuntu kernel and processor microcode will be needed. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. Technical details can be found on redhat website, Ubuntu security team. This flaw can be exploited remotely by visiting a JavaScript website. It affects Intel, AMD and ARM architectures. Security researchers have published on the Project Zero a new vulnerability called Spectre and Meltdown allowing a program to steal information from a memory of others programs.
0 kommentar(er)
