Spectre-meltdown-checker CVE-2020-0543:KO

With the latest update of “spectre-meltdown-checker”, as it's been a while since I last checked, I now see this:

CVE-2020-0543 aka ‘Special Register Buffer Data Sampling (SRBDS)’

  • Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
  • SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
  • SRBDS mitigation control is enabled and active: NO

STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability

But at the beginning of the check I have this:

  • CPU supports Special Register Buffer Data Sampling (SRBDS): NO

So, no vulnerability at all?

Can’t be vulnerable if your CPU doesn’t have that feature.

Maybe you could file a bug report.

1 Like

It depends on the microcode version: if the microcode is OK it should not be vulnerable,
but if no version is found, it is tagged vulnerable…

Be careful: the Linux microcode is not the Microsoft microcode, and not the Intel microcode (as motherboard reseller).

See this for the latest information.

I have installed the latest microcode from Manjaro:

Intel-ucode 20220207-1

As my CPU is an old Intel Core i7 and this vulnerability is maybe not so important now for Intel, let's say there is nothing to do; I can live with this.

“A processor is affected by SRBDS if its Family_Model and stepping is in the following list, with the exception of the listed processors exporting MDS_NO while Intel TSX is available yet not enabled. The latter class of processors are only affected when Intel TSX is enabled by software using TSX_CTRL_MSR otherwise they are not affected.”
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/special-register-buffer-data-sampling.html#affected-processors

Intel® Transactional Synchronization Extensions No

In my personal opinion
on a personal computer
which is not a server to anyone or anything apart from occasional ssh connections from inside my (very small) local network
I do not care about this or any other of these kind of vulnerabilities.

I do not want to incur the performance impact these (may) have for no gain.

And so I decided
(just for myself)
to disable any and all of these mitigations
by adding:
mitigations=off
to the Grub command line
to disable them all in one go.

But maybe someone can and wants to correct me on this my decision?

1 Like

I am on a personal desktop computer too; I was just curious about it. Maybe these mitigations will have an impact on a server with many ssh connections, as you say. I was just investigating what this was.

I repeat what I was seeing before with the i7 6700K, 6th gen Intel series (Skylake gen, 2015 and more):
all was in RED (except SGX, which only concerns Xeon);
I get Green, or Yellow/Red if the microcode database date does not match the latest from the script.

It was also first-stepping models.

I genuinely have no idea what you wanted to tell me with that. Sorry!

Warning: Do not apply this setting without considering the vulnerabilities it opens up. See this and this for more information.

See Improving performance - ArchWiki

I decided to keep all mitigations on.

SGX works not only on Xeons.
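
The status string quoted at the top of the thread ("Vulnerable: No microcode") is one of a fixed set the kernel writes to `/sys/devices/system/cpu/vulnerabilities/srbds`, listed in the kernel admin guide linked above. The following is an added example, not code from the thread or from spectre-meltdown-checker: it maps each string to a verdict and reports the loaded microcode revision and any `mitigations=off` or `srbds=off` boot parameter. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Status strings are the ones the kernel's SRBDS admin guide lists for
# /sys/devices/system/cpu/vulnerabilities/srbds.

# srbds_classify STATUS: map a sysfs status string to a short verdict.
srbds_classify() {
    case "$1" in
        "Not affected")                            echo not_affected ;;
        "Mitigated: Microcode"|"Mitigated: TSX disabled") echo mitigated ;;
        "Vulnerable: No microcode")                echo needs_microcode ;;
        "Vulnerable")                              echo mitigation_disabled ;;
        "Unknown: Dependent on hypervisor status") echo hypervisor_dependent ;;
        *)                                         echo unrecognized ;;
    esac
}

# srbds_report VULN_DIR CMDLINE_FILE CPUINFO_FILE
# Returns 0 only when the kernel reports "not affected" or "mitigated".
srbds_report() {
    r_dir=$1; r_cmdline=$2; r_cpuinfo=$3
    if [ ! -r "$r_dir/srbds" ]; then
        echo "srbds: no sysfs entry (kernel has no SRBDS reporting)"
        return 2
    fi
    r_status=$(cat "$r_dir/srbds")
    r_verdict=$(srbds_classify "$r_status")
    # First "microcode : 0x.." line of cpuinfo is the loaded revision.
    r_ucode=$(awk -F': *' '/^microcode/ {print $2; exit}' "$r_cpuinfo")
    echo "srbds: $r_status -> $r_verdict (microcode ${r_ucode:-unknown})"
    # A bare "Vulnerable" usually traces back to one of these parameters.
    if grep -qE '(^| )(mitigations|srbds)=off( |$)' "$r_cmdline"; then
        echo "note: mitigation disabled on kernel command line"
    fi
    [ "$r_verdict" = not_affected ] || [ "$r_verdict" = mitigated ]
}

# Constructed sample reproducing the status string quoted in the thread.
sample=$(mktemp -d)
echo "Vulnerable: No microcode" > "$sample/srbds"
printf 'microcode\t: 0xf0\n' > "$sample/cpuinfo"   # constructed revision
echo "BOOT_IMAGE=/vmlinuz quiet" > "$sample/cmdline"
srbds_report "$sample" "$sample/cmdline" "$sample/cpuinfo" || true
rm -rf "$sample"
```

On a live system, call `srbds_report /sys/devices/system/cpu/vulnerabilities /proc/cmdline /proc/cpuinfo`; the exit status makes it usable in a post-update check.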