Skip to main content

Update for Spectre And Meltdown, A Script for Checking Your System

I found a very nice program to run and check if my computer is vulnerable to Spectre and Meltdown. It is now March 2018. Two months after the initial reports of the vulnerabilities against computer processors, what is the state of security with regard to these two vulnerabilities?

Thank you to this script by Stephen Lesimple. The link is a git clone link. It will download everything in its directory. Inspect the script before running it as root.

There are no options. It will check your system against 3 CVE's made for the "speculative execution" vulnerability. This is my output.

Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.15.5-1-ARCH #1 SMP PREEMPT Thu Feb 22 22:15:20 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  YES 
    * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates STIBP capability:  YES 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  YES  (model 60 stepping 3 ucode 0x23)

The microcode your CPU is running on is known to cause instability problems,
such as intempestive reboots or random crashes.
You are advised to either revert to a previous microcode version (that might not have
the mitigations for Spectre), or upgrade to a newer one if available.

* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits 
array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  YES 
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline 
compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
[donato@archdesktop spectre-meltdown-checker]$ 


Comments

Popular posts from this blog

Password Issues On Ubuntu Login

I found myself unable to enter my login credentials when prompted to do so in Ubuntu. I think I might have changed it then forget about it. I've been running the current session for more days than I should have. I forget. So what's the solution to my problem. How do I get in to my system now? It involved getting into the grub menu somehow. I am uncertain as to how to do that exactly in your system. So there's a couple of ways to do it (finger's crossed). When booting at system start, use the esc key or the shift key. The first one worked for me. The timing is key. Wait until the bios banner shows then hit the esc key once. I am using Ubuntu 22.04.4 here. I have a current version of grub. The grub menu will give you options and the one you want is: root. Yes you want root privileges to set the root password. It should give you a terminal access where you can issue commands. Type: #mount -rw -o -s remount / ==> this command mounts the filesyste...

New ZFS Pool And the New 4TB Hard Drive

I am using the new pool for my videos and music. Downloading them using my torrent client, transmission. The old pool is raidz2 and now I am using a raidz1 only. But and a big but I gained space of up to 4.5 TB.

2024 So Far

I have a feeling of moving earth or walking off my itchiness. The growing fat in my belly tells me I am failing on many occasions to give in to this urge. My eyes are blurred by morning glory. I remember my father having the same ritual in the morning. After his weak stroke, he couldn't speak much, just a grunt but he would demonstrate with hand how he liked to wash his face. The weather wasn't helping. It's been raining cats and dogs the past week. The province of Rizal was soaked and spilled volumes of water into the bay and Laguna lake. Our Caimito tree was cut to no more than 4 feet from the ground. It was towering above the corrugated sheet metal of our roof. Now it lay horizontal on the yard. I calculated it could be made into a whole table and chairs set by a talented carpenter artist. I showed Lino the two big pieces of trunk that could only be moved if cut by a power saw in place. The road widening project in San Mateo was in the middle stage. One side of the road ...