Spectre-meltdown-checker CVE-2020-0543:KO

With the latest update of “spectre-meltdown-checker” as its been a while I don t check, now I see this:

CVE-2020-0543 aka ‘Special Register Buffer Data Sampling (SRBDS)’

  • Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
  • SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
  • SRBDS mitigation control is enabled and active: NO

STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability

but in the begining of the check I have this:

  • CPU supports Special Register Buffer Data Sampling (SRBDS): NO

so, no vulnerability at all?

Can’t be vulnerable if your CPU doesn’t have that feature.

Maybe you could file a bug report.

1 Like

its depending on microcode version , if microcode is ok it should be not vulnerable ,
but if there no version found , is tagged vulnerable…

be careful microcode linux is not microcode microsoft , and not microcode intel ( as motherboard reseller )

see this on last information

I have installed the latest microcode from Manjaro:

Intel-ucode 20220207-1

As my CPU is an old Intel Core i7 and this vulnerability maybe is not so important now for Intel lets say that is nothing to do, I can live with this.

“A processor is affected by SRBDS if its Family_Model and stepping is in the following list, with the exception of the listed processors exporting MDS_NO while Intel TSX is available yet not enabled. The latter class of processors are only affected when Intel TSX is enabled by software using TSX_CTRL_MSR otherwise they are not affected.”

Intel® Transactional Synchronization Extensions No

In my personal opinion
on a personal computer
which is not a server to anyone or anything apart from occasional ssh connections from inside my (very small) local network
I do not care about this or any other of these kind of vulnerabilities.

I do not want to incur the performance impact these (may) have for no gain.

And so I decided
(just for myself)
to disable any and all of these mitigations
by adding:
to the Grub command line
to disable them all in one go.

But maybe someone can and wants to correct me on this my decision?

1 Like

I am on a personal desktop computer too, I was just curious about, maybe this mitigations will have impact over a server with many ssh connections as you say. I was just investigating what was this.

i repeat what i was seeing before with i7 6700K- 6 gen Intel Series ( Skylake gen 2015 and more )
all was in RED ( except SGX that only concerns Xeon ) ,
i get Green , or Yellow/Red if database date microcode do not match with last from the script

it was also first stepping models

I genuinely have no idea what you wanted to tell me with that. Sorry!

Warning: Do not apply this setting without considering the vulnerabilities it opens up. See this and this for more information.

See Improving performance - ArchWiki

I decided to keep all mitigations on.

SGX works not only on Xeons.