Hi,
since the Core 169 testing update, my Spectre Variant 4 vulnerability (CVE-2018-3639) moved from “Not Affected” to “Vulnerable”…
Anyone see the same change ?
Hi,
since the Core 169 testing update, my Spectre Variant 4 vulnerability (CVE-2018-3639) moved from “Not Affected” to “Vulnerable”…
Anyone see the same change ?
I have noticed the same recently. Although the spectre-meltdown-checker also now shows the same where before it didn’t.
It might be time for us to upgrade
spectre-meltdown-checker:
Hi,
My Core169 test box shows Mitigated (same as before).
spectre-meltdown-checker was upgraded to version 0.45 in Core Update 168.
Hi,
if I recall correctly, the spectre-meltdown-checker
update indeed caused a more accurate reporting of CPU vulnerabilities on my machines. Specifically, one it was actually not vulnerable to has always been reported the other way round before; version 0.45 fixed this.
As for the general sentiment, the output of spectre-meltdown-checker
appears to be a bit more accurate than the CGI status (which is solely derived from the kernel’s own findings), so it might be useful to cross-check both if in doubt.
There may well be a correction regarding Spectre v4 in the upstream kernel. I did not checked for that, but that particular one is a tricky beast, and it is possible that more CPU models are affected by it than previously assessed.
Brave new world, I guess.
Thanks, and best regards,
Peter Müller
Yep. I have that status " Vulnerable" already in core 168! So it’s not new.
Same here since CU 169 stable (vulnerable > not affected)
Hi all,
just for the records: You may well see Specte v2 flapping back from “mitigated” to “vulnerable” on your machines.
Sorry to disappoint, and best regards,
Peter Müller