False vulnerability CVE-2020-0543? [Bug Report] #416

Open
servimo opened this issue Feb 20, 2022 · 6 comments


servimo commented Feb 20, 2022

CPU supports Special Register Buffer Data Sampling (SRBDS): NO

CVE-2020-0543 aka ‘Special Register Buffer Data Sampling (SRBDS)’
Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
SRBDS mitigation control is enabled and active: NO
STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability

Owner

speed47 commented Mar 21, 2022

Your CPU doesn't seem to have the latest microcode to support SRBDS mitigation.
Mitigation for this vulnerability requires a recent kernel AND recent microcode for your CPU.

Author

servimo commented Mar 21, 2022

I think it is a false vulnerability because my processor is an old Intel i7 3770k (3rd generation) and this SRBDS support is related to a technology it doesn't have.
I could be wrong.

Owner

speed47 commented Mar 21, 2022

Your CPU is indeed affected, first row of this table:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-srbds.html
As to why you might not have a microcode that mitigates the issue, most probably your CPU is out of support and will never get the fix (see https://github.com/speed47/spectre-meltdown-checker/blob/master/FAQ.md#the-tool-says-that-i-need-a-more-up-to-date-microcode-but-i-have-the-more-recent-version).

Author

servimo commented Mar 21, 2022

Nothing I can do.
But in here my core specifications say:

Intel® Transactional Synchronization Extensions no

https://ark.intel.com/content/www/us/en/ark/products/65523/intel-core-i73770k-processor-8m-cache-up-to-3-90-ghz.html?wapkw=intel%20core%20i7%203770k

Ok. I am out of support.
Thanks for your explanation.


qcretro commented Mar 10, 2023

I'm running a Xeon 1230 v2 (ivybridge) that is vulnerable to SRBDS on kernel 5.15.85-1 and intel-microcode 3.20221108.2 from Debian testing, and the tool reports that my system is vulnerable. I added srbds=on to kernel boot.

```
root@zaphod:~# dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x21, date = 2019-02-13
[ 0.202493] SRBDS: Vulnerable: No microcode
[ 0.924981] microcode: sig=0x306a9, pf=0x2, revision=0x21
[ 0.925117] microcode: Microcode Update Driver: v2.2.
```

Author

servimo commented Mar 10, 2023

From what I understand there is no mitigation for ivybridge microcode. No matter if you put SRBDS=on or off. Intel is not going to give support for it.
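
Added example, not part of any comment in this thread and not code from spectre-meltdown-checker: a shell triage of the SRBDS status discussed above, run over the dmesg lines quoted in the thread (embedded as a constructed sample). The function names and verdict labels are hypothetical; the status strings other than "Vulnerable: No microcode" do not appear in the thread and are the ones the Linux kernel reports for SRBDS.

```shell
#!/bin/sh
# Added example (not from the thread): triage the kernel's SRBDS status.

# Constructed sample: the dmesg lines quoted in the thread, one per line.
SAMPLE_DMESG='[ 0.000000] microcode: microcode updated early to revision 0x21, date = 2019-02-13
[ 0.202493] SRBDS: Vulnerable: No microcode
[ 0.924981] microcode: sig=0x306a9, pf=0x2, revision=0x21'

# srbds_state LOG: status text the kernel logged after "SRBDS: " (empty if absent).
srbds_state() {
    printf '%s\n' "$1" | sed -n 's/^.*SRBDS: //p' | tail -n 1
}

# ucode_field LOG NAME: value of sig, pf or revision from the microcode driver line.
ucode_field() {
    printf '%s\n' "$1" | sed -n "s/^.*microcode: .*$2=\(0x[0-9a-fA-F]*\).*/\1/p" | tail -n 1
}

# srbds_verdict STATE: map a status string (from dmesg or from
# /sys/devices/system/cpu/vulnerabilities/srbds) to what an admin can act on.
srbds_verdict() {
    case "$1" in
        "Not affected"|"Mitigation: Microcode"|"Mitigation: TSX disabled")
            echo "ok" ;;
        "Vulnerable: No microcode")
            # Kernel side is ready; the loaded microcode lacks the SRBDS control.
            echo "needs-microcode" ;;
        "Vulnerable")
            # Microcode is capable, but the mitigation was switched off at boot.
            echo "disabled-by-boot-option" ;;
        "Unknown: Dependent on hypervisor status")
            echo "ask-hypervisor-owner" ;;
        *)
            echo "unknown" ;;
    esac
}

# srbds_report LOG: one line summarising CPU signature, microcode and verdict.
srbds_report() {
    state=$(srbds_state "$1")
    printf 'sig=%s ucode=%s srbds="%s" verdict=%s\n' \
        "$(ucode_field "$1" sig)" "$(ucode_field "$1" revision)" \
        "$state" "$(srbds_verdict "$state")"
}

srbds_report "$SAMPLE_DMESG"
```

On a live system the same verdict can be taken from the sysfs file instead of the boot log, for example `srbds_verdict "$(cat /sys/devices/system/cpu/vulnerabilities/srbds)"`.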
