L1TF on Ubuntu

Asked Jun 19 '19 at 23:38

Active Jun 19 '19 at 23:38

Viewed 83 times

I'm running Ubuntu 18.04, and I have the following linux-image and intel-microcode packages:

ii  linux-image-4.18.0-17-generic         4.18.0-17.18~18.04.1                   amd64        Signed kernel image generic
ii  intel-microcode                       3.20180807a.0ubuntu0.18.04.1           amd64        Processor microcode firmware for Intel CPUs

Assume the image is immutable, so I can't install and run the speed47 script or install additional packages—I will make a new image if this one is vulnerable.

What canonical (but not necessarily Canonical) sites can I visit to determine whether the packages contain the necessary mitigations? I'm having trouble finding this information. For example, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF only points to information for up to 4.15, not the 4.18 kernel I have.

asked Jun 19 '19 at 23:38

Isvara

Why can't you download and run a script? Don't you have a temporary directory? I would be very surprised if you did not. – Michael Hampton Jun 20 '19 at 00:27
Don't worry about that part. The intent is to just put focus on the question. – Isvara Jun 20 '19 at 22:01
You'll have to look up each CVE individually, then. This is going to take a long time. You really should find a way to run the script. – Michael Hampton Jun 20 '19 at 22:05
*afaik* all supported Ubuntu kernels provide human-readable output for `grep -r . /sys/devices/system/cpu/vuln*` – anx Jun 21 '19 at 00:56

How can I determine whether I'm vulnerable to SPECTRE/Meltdown/L1TF on Ubuntu

0 Answers0