intel-microcodeをインストールしましたが、./spectre-meltdown-checker.shを使用すると、次のメッセージが表示されます。
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: NO (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: YES
> STATUS: VULNERABLE (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
どうすれば解決できますか?私は理解できません。
sudo ./spectre-meltdown-checker.sh | grep 'CPU microcode is'
[sudo] password for user:
* CPU microcode is known to cause stability problems: NO (model 0x2d family 0x6 stepping 0x7 ucode 0x710 cpuid 0x206d7)
* CPU microcode is the latest known available version: NO (latest version is 0x714 dated 2018/05/08 according to builtin MCExtractor DB v112 - 2019/05/22)
IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
しかし、これは最新です。
sudo apt install intel-microcode
Reading package lists... Done
Building dependency tree
Reading state information... Done
intel-microcode is already the newest version (3.20180807a.2~deb9u1).
ベストアンサー1
/etc/apt/sources.list のセキュリティリポジトリで無料でない機能を有効にしましたか?
deb http://security.debian.org/ stretch/updates main contrib non-free
そうでない場合は、無料でない apt-get アップデートを有効にして intel-microcode を再インストールしてください。新しいパッケージがインストールされます。再起動してspectre-meltdown-checkerを再試行してください。