Possibly similar to #302 and #310, I get:

output

user@host:~$ sudo /usr/bin/spectre-meltdown-checker --version Spectre and Meltdown mitigation detection tool v0.43

selective copypasta from output with --explain:

CPU microcode is known to cause stability problems: NO (model 0x4c family 0x6 stepping 0x4 ucode 0x411 cpuid 0x406c4)
CPU microcode is the latest known available version: YES (latest version is 0x411 dated 2019/04/23 according to builtin firmwares DB v130.20191104+i20191027)

CVE-2018-3640 aka \'Variant 3a, rogue system register read\'

CPU microcode mitigates the vulnerability: NO > STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3640:KO

system details

user@host:~$ su root -c 'dmesg -t |grep -i "smpboot\: CPU0"'
Password:
smpboot: CPU0: Intel(R) Celeron(R) CPU  N3160  @ 1.60GHz (family: 0x6, model: 0x4c, stepping: 0x4)

user@host:~$ cat /proc/cpuinfo | grep -m 4 'family\|model\|stepping'
cpu family      : 6
model           : 76
model name      : Intel(R) Celeron(R) CPU  N3160  @ 1.60GHz
stepping        : 4

user@host:~$ su root -c 'dmesg -t | grep -i microcode'
Password:
microcode: microcode updated early to revision 0x411, date = 2019-04-23
microcode: sig=0x406c4, pf=0x1, revision=0x411
microcode: Microcode Update Driver: v2.2.

user@host:~$ dpkg -l intel-microcode
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name            Version                     Architecture Description
+++-===============-===========================-============-===========================================
ii  intel-microcode 3.20210608.0ubuntu0.20.04.1 amd64        Processor microcode firmware for Intel CPUs

user@host:~$ uname --kernel-name --kernel-release --kernel-version --machine --processor --hardware-platform --operating-system
Linux 5.11.0-27-generic #29~20.04.1-Ubuntu SMP Wed Aug 11 15:58:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

question

I read Intel SA-00115, which shows "Apollo Lake" Intel® Celeron® Processor N Series only N3350, N3450 are vulnerable and have a microcode update. I read Affected Processors: Transient Execution Attacks & Related Security Issues by CPU, the 06_4CH processor (corresponding to family 6, model 76 and the dmesg output, if I understand correctly) only lists the Atom processors affected.

I checked ark.intel.com, and when I look at the full specs, I see that it is codename Braswell, which is part of "Cherry View", not "Apollo Lake".

user@host:~$ sudo /usr/sbin/iucode-tool -V
iucode_tool 2.3.1
Copyright (c) 2010-2018 by Henrique de Moraes Holschuh

Based on code from the Linux microcode_intel driver and from
the microcode.ctl package, copyright (c) 2000 by Simon Trimmer
and Tigran Aivazian.

This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE.

user@host:~$ sudo /usr/sbin/iucode-tool -S
/usr/sbin/iucode-tool: system has processor(s) with signature 0x000406c4

user@host:~$ od -N16 -t x4 /lib/firmware/intel-ucode/06-4c-04
0000000 00000001 00000411 04232019 000406c4
0000020

According to Microcode Update Guidance, in the above file header, 00000411 is the microcode version, 04232019 is the date on which the IPU was created, and 000406c4 is the family/model/stepping in the format returned by the CPUID instruction.

Is this a false positive, or does this processor require a microcode update that is not available? Maybe it falls into the pit outlined by the security advisory? "A listing of microcode updates that have been production qualified can be found here and will be updated as necessary. It is expected that remaining microcode updates, currently in beta, will be production qualified in the coming weeks."

Thank you for any guidance.

speed47 / spectre-meltdown-checker

CVE-2018-3640:KO False Positive for Intel(R) Celeron(R) CPU N3160? #411

output

system details

question