Hacker News
by mnw21cam 3074 days ago
Having actually read the article, this would suggest that your kernel is too old to have the fixes.

Not true. Ubuntu backported the kernel patches. 16.04 should be updated automatically as long as you've restarted your server.
To be clear, Ubuntu's Spectre fixes are only in -proposed right now. They are scheduled to be moved to the regular repos on the 22nd.
Just to follow up, looks like Spectre fixes are now available but only for Variant 1. The following is on a 16.04 VM running HWE 4.13.0-31. Additionally, retpoline patches are not available.

  CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
  * Checking count of LFENCE opcodes in kernel:  YES 
  > STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

  CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
  * Mitigation 1
  *   Hardware (CPU microcode) support for mitigation
  *     The SPEC_CTRL MSR is available:  YES 
  *     The SPEC_CTRL CPUID feature bit is set:  NO 
  *   Kernel support for IBRS:  YES 
  *   IBRS enabled for Kernel space:  NO 
  *   IBRS enabled for User space:  NO 
  * Mitigation 2
  *   Kernel compiled with retpoline option:  NO 
  *   Kernel compiled with a retpoline-aware compiler:  NO 
  > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

  CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
  * Kernel supports Page Table Isolation (PTI):  YES 
  * PTI enabled and active:  YES 
  * Checking if we're running under Xen PV (64 bits):  NO 
  > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)