The officially official Devuan Forum!

You are not logged in.

#1 2019-05-16 11:39:27

boycottsystemd
Member
Registered: 2017-09-25
Posts: 101  

ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

There is anoher intel vulnerability which uses hyperthreading.

I've booted ASCII kernel with noht parameter.

I've tried to disable hyperthreading:

sudo -i && echo 0 > /sys/devices/system/cpu/online

but

# cat /sys/devices/system/cpu/online 
0-3

Any idea pls ?

$ uname -a
4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux

Offline

#2 2019-05-16 13:56:55

siva
Member
Registered: 2018-01-25
Posts: 282  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

boycottsystemd wrote:

There is anoher intel vulnerability which uses hyperthreading.

Similar vulnerabilities, especially from Intel, will keep coming.  2018 was the year of microcode exploits.  Until Intel releases a mass-recall to fix their hardware (they won't), just sit back and enjoy the show.

Any idea pls ?

It's good practice to find research whether or not the CVE has been resolved:
https://www.debian.org/security/2019/dsa-4444

Offline

#3 2019-05-16 15:21:13

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

boycottsystemd wrote:

I've booted ASCII kernel with noht parameter.

The parameter you want is nosmt.

You also need the 2019-05-14 version of the intel-microcode package and the most recent kernel version (4.9.168-1+deb9u2, install the linux-image-amd64 metapackage to get this).

EDIT: you already have the kernel.

Use this to check vulnerabilities:

grep -R . /sys/devices/system/cpu/vulnerabilities

The zombieload vulnerability corresponds to MDS in the /sys checklist.

Last edited by Head_on_a_Stick (2019-05-16 15:23:11)


Brianna Ghey — Rest In Power

Offline

#4 2019-08-26 06:24:05

boycottsystemd
Member
Registered: 2017-09-25
Posts: 101  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

Head_on_a_Stick wrote:
boycottsystemd wrote:

I've booted ASCII kernel with noht parameter.

The parameter you want is nosmt.

You also need the 2019-05-14 version of the intel-microcode package and the most recent kernel version (4.9.168-1+deb9u2, install the linux-image-amd64 metapackage to get this).

EDIT: you already have the kernel.

Use this to check vulnerabilities:

grep -R . /sys/devices/system/cpu/vulnerabilities

The zombieload vulnerability corresponds to MDS in the /sys checklist.

Thank you and apology for delay.

# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

Offline

#5 2019-08-26 16:42:29

pcalvert
Member
Registered: 2017-05-15
Posts: 215  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

Here's mine:

# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: EPT disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

Doesn't look good. sad

Phil


Freespoke is a new search engine that respects user privacy and does not engage in censorship.
Another one is called Luxxle.

Offline

#6 2019-08-27 18:12:58

boycottsystemd
Member
Registered: 2017-09-25
Posts: 101  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

pcalvert wrote:

Here's mine:

# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: EPT disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

Doesn't look good. sad

Phil

(... I suppose you are using latest firmware...)

Offline

#7 2019-08-28 16:59:07

pcalvert
Member
Registered: 2017-05-15
Posts: 215  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

boycottsystemd wrote:

(... I suppose you are using latest firmware...)

That is correct.

Phil


Freespoke is a new search engine that respects user privacy and does not engage in censorship.
Another one is called Luxxle.

Offline

Board footer