Spectre – Meltdown checker (linux)

Advertisements

I have just tried on my not so new pc this interesting script: Specter-Meltdown-Checker , as specified also in instructions, it is not a bible, but surely it is something could give you very useful informations – this script give you the possibility to check your pc vulnerability to  Spectre (2 variants) and Meltdown.
Pc features:
Intel I5-3470 (ivy bridge) 3.20 GHz
Kernel: 4.14.13-1-ARCH
8 GB ram
Arch Linux
Nvidia Geforce Gt-630
full Hardware details are here , (i have used lshw command)
i downloaded  and extracted .zip file ,
then i applied execute permission to .sh file through chmod +x

Then i have executed the script (Is recommended to execute script being root)
after password insertion, the script can run:below results:
Spectre Variant 1 (CVE-2017-5753 bounds check bypass)
final result is
 
Spectre Variant 2 (CVE-2017-5715 branch target injection)
as you can see, script try to check if in my machine are some mitigations 

final result is
 
 
Meltdown (CVE-2017-5754 rogue data cache load)
In that case result was positive, thanks Kernel 🙂


 Just for curiosity i have also executed script without root permission (i know, have no sense but i wanted see differences) below you can see what happens:
Obviously script will warn you, then will start



Spectre (Variant 1)
only differences are B^B^B^checking LFENCE while outcome (UNKNOWN) and especially final result (VULNERABLE) are exactly the same you can see executing script as root

Spectre (Variant 2)
during mitigation 1 check there is a read permission error (predictable considering we don’t have root permission) on /dev/cpu/0/msr , so script can’t check cpu microcode

Rest of other checks (IBRS kernel support,kernel space,user space etc) were identical as reported above , included final result (VULNERABLE)
Meltdown
Identical result as reported above (NOT VULNERABLE)

Advertisements
This entry was posted in Gnu-Linux, Tech news - tutorials. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *