aveao · January 14, 2018 16:57
diff --git a/- b/-
 [1;34mSpectre and Meltdown mitigation detection tool v0.30[0m

 Checking for vulnerabilities against running kernel [35mLinux 4.14.13-1-ARCH #1 SMP PREEMPT Wed Jan 10 11:14:50 UTC 2018 x86_64[0m
 CPU is[35m Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz[0m

 [1;34mCVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'[0m
 * Checking count of LFENCE opcodes in kernel: [101m[30m NO [0m
 > [46m[30mSTATUS:[0m [101m[30m VULNERABLE [0m (only 21 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

 [1;34mCVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'[0m
 * Mitigation 1
 *   Hardware (CPU microcode) support for mitigation
 *     The SPEC_CTRL MSR is available: [102m[30m YES [0m
 *     The SPEC_CTRL CPUID feature bit is set: [102m[30m YES [0m
 *   Kernel support for IBRS: [101m[30m NO [0m
 *   IBRS enabled for Kernel space: [101m[30m NO [0m
 *   IBRS enabled for User space: [101m[30m NO [0m
 * Mitigation 2
 *   Kernel compiled with retpoline option: [101m[30m NO [0m
 *   Kernel compiled with a retpoline-aware compiler: [101m[30m NO [0m
 > [46m[30mSTATUS:[0m [101m[30m VULNERABLE [0m (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

 [1;34mCVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'[0m
 * Kernel supports Page Table Isolation (PTI): [102m[30m YES [0m
 * PTI enabled and active: [102m[30m YES [0m
 > [46m[30mSTATUS:[0m [102m[30m NOT VULNERABLE [0m (PTI mitigates the vulnerability)

 A false sense of security is worse than no security at all, see --disclaimer
	[1;34mSpectre and Meltdown mitigation detection tool v0.30[0m

	Checking for vulnerabilities against running kernel [35mLinux 4.14.13-1-ARCH #1 SMP PREEMPT Wed Jan 10 11:14:50 UTC 2018 x86_64[0m
	CPU is[35m Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz[0m

	[1;34mCVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'[0m
	* Checking count of LFENCE opcodes in kernel: [101m[30m NO [0m
	> [46m[30mSTATUS:[0m [101m[30m VULNERABLE [0m (only 21 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

	[1;34mCVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'[0m
	* Mitigation 1
	* Hardware (CPU microcode) support for mitigation
	* The SPEC_CTRL MSR is available: [102m[30m YES [0m
	* The SPEC_CTRL CPUID feature bit is set: [102m[30m YES [0m
	* Kernel support for IBRS: [101m[30m NO [0m
	* IBRS enabled for Kernel space: [101m[30m NO [0m
	* IBRS enabled for User space: [101m[30m NO [0m
	* Mitigation 2
	* Kernel compiled with retpoline option: [101m[30m NO [0m
	* Kernel compiled with a retpoline-aware compiler: [101m[30m NO [0m
	> [46m[30mSTATUS:[0m [101m[30m VULNERABLE [0m (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

	[1;34mCVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'[0m
	* Kernel supports Page Table Isolation (PTI): [102m[30m YES [0m
	* PTI enabled and active: [102m[30m YES [0m
	> [46m[30mSTATUS:[0m [102m[30m NOT VULNERABLE [0m (PTI mitigates the vulnerability)

	A false sense of security is worse than no security at all, see --disclaimer