SparkyLinux Forums

Software & hardware support => Newbie questions => Topic started by: nemomen on May 05, 2021, 08:59:57 AM

Title: Spectre-Meltdown vulnerabilities.
Post by: nemomen on May 05, 2021, 08:59:57 AM
Hello every Sparkers.
Just a little question by a green-horner.
When I run the spectre-meltdown-checker as user I had found vulnerabilities, and when I run it as sudo at the same time I had found no vulnerabilities.
Of course, the commands of update-grub/grub2 had been updated every times.
I do not understand/know right now, is the whole system vulnerable or it isn't?
If the answer 'yes', how can I fix it (forever).
The system is: SparkyLinux 5.15 Nibiru 64bit UEFI Xfce.
Thanks in advance and be healthy
nemomen
Title: Re: Spectre-Meltdown vulnerabilities.
Post by: paxmark1 on May 06, 2021, 12:10:33 AM
have you looked at

https://wiki.debian.org/DebianSecurity/SpectreMeltdown

Section for you is probably
64-bit PC (amd64)       This includes the intel processors.   Seems to be all green for 4.19  for Debians end of it.   They cite about a possible need for hardware fixes from vendor for Spectre2

more info on specific binaries of checker at

https://tracker.debian.org/pkg/spectre-meltdown-checker

If you are in stable (which it appears you are, you will get a fresher binary via backports. 

I am just a hobbyist and not an expert on this.   Others would know more about the Sparky linux kernel, but as for myself, you are probably much safer than in windows and Debian has been very serious about security for decades.    The  safety of Debian with the flexbiliity and bells and whistles of Sparky.     

Title: Re: Spectre-Meltdown vulnerabilities.
Post by: nemomen on May 06, 2021, 11:21:30 AM
Hello paxmark1, hello Sparkers!
thanks for your respond. You are right, I always use stable releases.
Detailed:
On the website for the first code all items are in green, and I have regularly update grub/grub2, so I think, they are correct.
On the website for the second code, I could not find any similar items, like mine.
And I do repeat my statement: only when I run the command as normal user led to the CVE-2018-3640 and CVE-2018-3615 affected results, which are not stated on the websites. Running the command as root, and I always run it as root, never led the other, than clean result.
I do not understand, what would be the reason of the difference of normal user and root in this case.
Care safe!
nemomen