On my box, which is only for HOME use running a Ryzen 5 5600X, I wanted to know if someone can please tell me if I should have the below options enabled that I highlighted in BOLD?
THANKS
Spectre and Meltdown mitigation detection tool v0.46
Checking for vulnerabilities on current system
Kernel is Linux 5.15.135 #1 SMP PREEMPT Wed Oct 11 16:58:21 2023 x86_64
CPU is AMD Ryzen 5 5600X 6-Core Processor
Hardware check
Hardware support (CPU microcode) for mitigation techniques
Indirect Branch Restricted Speculation (IBRS)
SPEC_CTRL MSR is available: YES
CPU indicates IBRS capability: YES (IBRS_SUPPORT feature bit)
CPU indicates preferring IBRS always-on: NO
CPU indicates preferring IBRS over retpoline: YES
Indirect Branch Prediction Barrier (IBPB)
CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
Single Thread Indirect Branch Predictors (STIBP)
SPEC_CTRL MSR is available: YES
CPU indicates STIBP capability: YES (AMD STIBP feature bit)
CPU indicates preferring STIBP always-on: YES
Speculative Store Bypass Disable (SSBD)
CPU indicates SSBD capability: YES (AMD SSBD in SPEC_CTRL)
L1 data cache invalidation
CPU indicates L1D flush capability: NO
CPU supports Transactional Synchronization Extensions (TSX): NO
CPU supports Software Guard Extensions (SGX): NO
CPU supports Special Register Buffer Data Sampling (SRBDS): NO
CPU microcode is known to fix Zenbleed: NO
CPU microcode is known to cause stability problems: NO (family 0x19 model 0x21 stepping 0x0 ucode 0xa20102b cpuid 0xa20f10)
CPU microcode is the latest known available version: YES (latest version is 0xa201025 dated 2021/10/14 according to builtin firmwares DB v273+i20230808+b6bd)
CPU vulnerability to the speculative execution attack variants
Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
Affected by CVE-2018-3640 (Variant 3a, rogue system register read): NO
Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
Affected by CVE-2023-20593 (Zenbleed, cross-process information leak): NO
Affected by CVE-2022-40982 (Downfall, gather data sampling (GDS)): NO
Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected)
Mitigation 1
Kernel is compiled with IBRS support: YES
IBRS enabled and active: YES (for firmware code only)
Kernel is compiled with IBPB support: YES
IBPB enabled and active: YES
Mitigation 2
Kernel has branch predictor hardening (arm): NO
Kernel compiled with retpoline option: YES
Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
Mitigated according to the /sys interface: YES (Not affected)
Kernel supports Page Table Isolation (PTI): YES
PTI enabled and active: NO
Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
Running as a Xen PV DomU: NO
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
CPU microcode mitigates the vulnerability: YES
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
SSB mitigation is enabled and active: YES (per-thread through prctl)
SSB mitigation currently active for selected processes: YES (dhcpcd firefox-bin)
STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
Mitigated according to the /sys interface: YES (Not affected)
This system is a host running a hypervisor: NO
iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
iTLB Multihit mitigation enabled and active: NO
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
Mitigated according to the /sys interface: YES (Not affected)
SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
SRBDS mitigation control is enabled and active: NO
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2023-20593 aka 'Zenbleed, cross-process information leak'
Zenbleed mitigation is supported by kernel: YES (found zenbleed message in kernel image)
Zenbleed kernel mitigation enabled and active: NO (FP_BACKUP_FIX is cleared in DE_CFG)
Zenbleed mitigation is supported by CPU microcode: UNKNOWN
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2022-40982 aka 'Downfall, gather data sampling (GDS)'
Mitigated according to the /sys interface: YES (Not affected)
GDS is mitigated by microcode: NO
Kernel supports software mitigation by disabling AVX: YES (found gather_data_sampling in kernel image)
Kernel has disabled AVX as a mitigation: NO (AVX support is enabled) - I'm not understanding why NO here?
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
On my box, which is only for HOME use running a Ryzen 5 5600X, I wanted to know if someone can please tell me if I should have the below options enabled that I highlighted in BOLD?
THANKS
Spectre and Meltdown mitigation detection tool v0.46
Checking for vulnerabilities on current system
Kernel is Linux 5.15.135 #1 SMP PREEMPT Wed Oct 11 16:58:21 2023 x86_64
CPU is AMD Ryzen 5 5600X 6-Core Processor
Hardware check
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
PTE inversion enabled and active: NO
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
Kernel mitigation is enabled and active: NO
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
Kernel mitigation is enabled and active: NO
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
Kernel mitigation is enabled and active: NO
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
Kernel mitigation is enabled and active: NO
CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
TAA mitigation enabled and active: NO
CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
iTLB Multihit mitigation enabled and active: NO
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
SRBDS mitigation control is enabled and active: NO
CVE-2023-20593 aka 'Zenbleed, cross-process information leak'
Zenbleed kernel mitigation enabled and active: NO (FP_BACKUP_FIX is cleared in DE_CFG)
CVE-2022-40982 aka 'Downfall, gather data sampling (GDS)'
Kernel has disabled AVX as a mitigation: NO (AVX support is enabled) - I'm not understanding why NO here?