Spectre & Meltdown vulnerability/mitigation checker for Linux

Ayan

technology anonymous anonymous hacker cracker hack hacked hackers hackersploit hacking kal linux kali hack kali linux hack kali linux hacking kali linux hacks kali linux tutorials ubuntu vulnerabilities z hacker howto & style

description

Link : https://github.com/speed47/spectre-meltdown-checker

Spectre & Meltdown Checker

A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018.

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' CVE-2018-3640 [rogue system register read] aka 'Variant 3a' CVE-2018-3639 [speculative store bypass] aka 'Variant 4' CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow & Foreshadow-NG'

2018-08-15: Foreshadow support is being worked on, vulnerable/immune CPUs are already detected, and kernel-reported vulnerability status is checked, but manual mitigation detection is currently being implemented, will be available in the next few days

Quick summary of the CVEs CVE-2017-5753 bounds check bypass (Spectre Variant 1)

Impact: Kernel & all software Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode at the proper positions in the resulting code Performance impact of the mitigation: negligible CVE-2017-5715 branch target injection (Spectre Variant 2)

Impact: Kernel Mitigation 1: new opcode via microcode update that should be used by up to date compilers to protect the BTB (by flushing indirect branch predictors) Mitigation 2: introducing "retpoline" into compilers, and recompile software/OS with it Performance impact of the mitigation: high for mitigation 1, medium for mitigation 2, depending on your CPU CVE-2017-5754 rogue data cache load (Meltdown)

Impact: Kernel Mitigation: updated kernel (with PTI/KPTI patches), updating the kernel is enough Performance impact of the mitigation: low to medium CVE-2018-3640 rogue system register read (Variant 3a)

Impact: TBC Mitigation: microcode update only Performance impact of the mitigation: negligible CVE-2018-3639 speculative store bypass (Variant 4)

Impact: software using JIT (no known exploitation against kernel) Mitigation: microcode update + kernel update making possible for affected software to protect itself Performance impact of the mitigation: low to medium CVE-2018-3615 l1 terminal fault (Foreshadow)

TBC CVE-2018-3620 l1 terminal fault (Foreshadow-NG)

TBC CVE-2018-3646 l1 terminal fault (Foreshadow-NG)

TBC

Understanding what this script does and doesn't This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the collectively named "speculative execution" vulnerabilities. It doesn't attempt to run any kind of exploit, and can't guarantee that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place. How ... https://www.youtube.com/watch?v=wOkLut0Bc0Q

created

2020-02-07

staked

0.0 LBC

license

Copyrighted (contact publisher)

File size

7230841 Bytes