On my box, which is only for HOME use running a Ryzen 5 5600X, I wanted to know if someone can please tell me if I should have the below options enabled that I highlighted in BOLD?
THANKS
Spectre and Meltdown mitigation detection tool v0.46
Checking for vulnerabilities on current system
Kernel is Linux 5.15.135 #1 SMP PREEMPT Wed Oct 11 16:58:21 2023 x86_64
CPU is AMD Ryzen 5 5600X 6-Core Processor
Hardware check
Hardware support (CPU microcode) for mitigation techniques
Indirect Branch Restricted Speculation (IBRS)
SPEC_CTRL MSR is available: YES
CPU indicates IBRS capability: YES (IBRS_SUPPORT feature bit)
CPU indicates preferring IBRS always-on: NO
CPU indicates preferring IBRS over retpoline: YES
Indirect Branch Prediction Barrier (IBPB)
CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
Single Thread Indirect Branch Predictors (STIBP)
SPEC_CTRL MSR is available: YES
CPU indicates STIBP capability: YES (AMD STIBP feature bit)
CPU indicates preferring STIBP always-on: YES
Speculative Store Bypass Disable (SSBD)
CPU indicates SSBD capability: YES (AMD SSBD in SPEC_CTRL)
L1 data cache invalidation
CPU indicates L1D flush capability: NO
CPU supports Transactional Synchronization Extensions (TSX): NO
CPU supports Software Guard Extensions (SGX): NO
CPU supports Special Register Buffer Data Sampling (SRBDS): NO
CPU microcode is known to fix Zenbleed: NO
CPU microcode is known to cause stability problems: NO (family 0x19 model 0x21 stepping 0x0 ucode 0xa20102b cpuid 0xa20f10)
CPU microcode is the latest known available version: YES (latest version is 0xa201025 dated 2021/10/14 according to builtin firmwares DB v273+i20230808+b6bd)
CPU vulnerability to the speculative execution attack variants
Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
Affected by CVE-2018-3640 (Variant 3a, rogue system register read): NO
Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
Affected by CVE-2023-20593 (Zenbleed, cross-process information leak): NO
Affected by CVE-2022-40982 (Downfall, gather data sampling (GDS)): NO
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected)
Mitigation 1
Kernel is compiled with IBRS support: YES
IBRS enabled and active: YES (for firmware code only)
Kernel is compiled with IBPB support: YES
IBPB enabled and active: YES
Mitigation 2
Kernel has branch predictor hardening (arm): NO
Kernel compiled with retpoline option: YES
Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
Mitigated according to the /sys interface: YES (Not affected)
Kernel supports Page Table Isolation (PTI): YES
PTI enabled and active: NO
Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
Running as a Xen PV DomU: NO
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
CPU microcode mitigates the vulnerability: YES
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
SSB mitigation is enabled and active: YES (per-thread through prctl)
SSB mitigation currently active for selected processes: YES (dhcpcd firefox-bin)
STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
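CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
Mitigated according to the /sys interface: YES (Not affected)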
This system is a host running a hypervisor: NO
iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
iTLB Multihit mitigation enabled and active: NO
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
Mitigated according to the /sys interface: YES (Not affected)
SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
SRBDS mitigation control is enabled and active: NO
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2023-20593 aka 'Zenbleed, cross-process information leak'
Zenbleed mitigation is supported by kernel: YES (found zenbleed message in kernel image)
Zenbleed kernel mitigation enabled and active: NO (FP_BACKUP_FIX is cleared in DE_CFG)
Zenbleed mitigation is supported by CPU microcode: UNKNOWN
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)
CVE-2022-40982 aka 'Downfall, gather data sampling (GDS)'
Mitigated according to the /sys interface: YES (Not affected)
GDS is mitigated by microcode: NO
Kernel supports software mitigation by disabling AVX: YES (found gather_data_sampling in kernel image)
Kernel has disabled AVX as a mitigation: NO (AVX support is enabled) - I'm not understanding why NO here?
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not affected)