meltdown and spectre

Posted: 4. Jan 2018, 15:25
by mimosa

Re: meltdown and spectre

Posted: 28. Jan 2018, 21:01
by gaucho
I recently saw a link to this vulnerability checker in another Linux forum, and am posting it here in case it is useful for Salix OS users. :)

http://news.softpedia.com/news/how-to-c ... 9364.shtml

Nestor, Marius. "How to Check If Your Linux PC Is Vulnerable to Meltdown & Spectre Security Flaws." Softpedia News. 13 Jan. 2018.

The actual script by developer Stephane Lesimple is located here:

https://github.com/speed47/spectre-meltdown-checker

https://github.com/speed47/spectre-melt ... r/releases

(The current release is v.0.33)

1. Save the compressed file to your /home folder.

2. Extract it.

3. Open a Terminal and navigate to the location of the extracted files.

4. According to the instructions, you should launch the script with root privileges to get accurate information.

5. Type the following (depending on your preferences):

$ sudo sh ./spectre-meltdown-checker.sh
or,

# sh ./spectre-meltdown-checker.sh

6. Sample output from the script is below:

david[spectre-meltdown-checker-0.33]$ sudo sh ./spectre-meltdown-checker.sh
Password: 
Spectre and Meltdown mitigation detection tool v0.33

Checking for vulnerabilities on current system
Kernel is Linux 4.4.111-smp #2 SMP Thu Jan 11 14:01:08 CST 2018 i686
CPU is Intel(R) Atom(TM) CPU N455   @ 1.66GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  UNKNOWN 
  * CPU microcode is known to cause stability problems:  NO 
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  NO 
  * Vulnerable to Variant 3:  NO 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 50 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  NO 
  * Kernel compiled with a retpoline-aware compiler:  NO 
  * Retpoline enabled:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO 
* PTI enabled and active:  NO 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
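
The report above, reduced to one verdict per CVE with a non-zero exit code when anything is flagged, which is the form a cron job or fleet check needs. This is an added example, not part of the original post or of the spectre-meltdown-checker project; the function names `sample_report` and `summarize_report` are hypothetical, and the embedded report is a shortened copy of the output posted above.

```shell
#!/bin/sh
# Added example (not from the original post or the checker project).
# sample_report and summarize_report are hypothetical names.

# Shortened copy of the report posted above, used as sample input.
sample_report() {
cat <<'EOF'
Spectre and Meltdown mitigation detection tool v0.33

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 50 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 2
  * Retpoline enabled:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* PTI enabled and active:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
EOF
}

# Reads a report on stdin, prints "CVE-ID VERDICT" per section,
# and returns 1 if any section is VULNERABLE (0 otherwise).
summarize_report() {
    esc=$(printf '\033')
    # Drop ANSI colour escapes in case the saved output contains them.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        /^CVE-[0-9]+-[0-9]+ / { cve = $1; next }   # section header
        /^> STATUS:/ && cve != "" {
            verdict = $0
            sub(/^> STATUS:[ \t]*/, "", verdict)   # drop the label
            sub(/[ \t]*\(.*$/, "", verdict)        # drop the explanation
            sub(/[ \t]+$/, "", verdict)            # trim trailing blanks
            print cve, verdict
            if (verdict == "VULNERABLE") bad = 1
            cve = ""
        }
        END { exit bad + 0 }
    '
}

sample_report | summarize_report || echo "at least one CVE is reported VULNERABLE"
```

On a real machine, pipe the checker's own output into `summarize_report` instead of `sample_report`.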