spectre-meltdown-checker icon indicating copy to clipboard operation
spectre-meltdown-checker copied to clipboard

Published 20 hours ago verified publisher icon speed47

False vulnerability CVE-2020-0543? [Bug Report]

Open servimo opened this issue 3 years ago • 6 comments

CPU supports Special Register Buffer Data Sampling (SRBDS): NO

CVE-2020-0543 aka ‘Special Register Buffer Data Sampling (SRBDS)’ Mitigated according to the /sys interface: NO (Vulnerable: No microcode) SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation) SRBDS mitigation control is enabled and active: NO STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability

servimo avatar Feb 20 '22 16:02 servimo

Your CPU doesn't seem to have the latest microcode to support SRBDS mitigation. Mitigation for this vulnerability requires a recent kernel AND recent microcode for your CPU.

speed47 avatar Mar 21 '22 20:03 speed47

I think it is a false vulnerability because my processor is an old Intel i7 3770k (3rd generation) and this suport SRBDS is related to a technology it don't have. I could be wrong.

servimo avatar Mar 21 '22 21:03 servimo

Your CPU is indeed affected, first row of this table: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-srbds.html As of to why you might not have a microcode that mitigates the issue, most probably your CPU is out of support and will never get the fix (see https://github.com/speed47/spectre-meltdown-checker/blob/master/FAQ.md#the-tool-says-that-i-need-a-more-up-to-date-microcode-but-i-have-the-more-recent-version )

speed47 avatar Mar 21 '22 21:03 speed47

Nothing I can do. But in here my core specifications say:

Intel® Transactional Synchronization Extensions no

https://ark.intel.com/content/www/us/en/ark/products/65523/intel-core-i73770k-processor-8m-cache-up-to-3-90-ghz.html?wapkw=intel%20core%20i7%203770k

Ok. I am out of support. Thanks for your explanation.

servimo avatar Mar 21 '22 22:03 servimo

I'm running a Xeon 1230 v2 (ivybridge) that is vulnerable to SRBDS on kernel 5.15.85-1 and intel-microcode 3.20221108.2 from debian testing and the tool reports that my system is vulnerable. I added srbds=on to kernel boot

root@zaphod:~# dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x21, date = 2019-02-13 [ 0.202493] SRBDS: Vulnerable: No microcode [ 0.924981] microcode: sig=0x306a9, pf=0x2, revision=0x21 [ 0.925117] microcode: Microcode Update Driver: v2.2.

qcretro avatar Mar 10 '23 20:03 qcretro

For what I understand there is no mitigation for ivybridge microcode. No matter if you put SRBDS=on or off. Intel will not gonna give support for it.

servimo avatar Mar 10 '23 20:03 servimo