For anyone who hasn't found this already:
git clone https://github.com/speed47/spectre-meltdown-checker.git
Initialized empty Git repository in /root/spectre-meltdown-checker/.git/
remote: Counting objects: 393, done.
remote: Compressing objects: 100% (20/20), done.
remote: Total 393 (delta 16), reused 18 (delta 8), pack-reused 365
Receiving objects: 100% (393/393), 137.35 KiB, done.
Resolving deltas: 100% (231/231), done.
# cd spectre-meltdown-checker
[spectre-meltdown-checker]# sh ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.31
Checking for vulnerabilities against running kernel ...............
CPU is ......
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: YES
> STATUS: NOT VULNERABLE (84 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation
* The SPEC_CTRL MSR is available: NO
* The SPEC_CTRL CPUID feature bit is set: NO
* Kernel support for IBRS: YES
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Checking if we're running under Xen PV (64 bits): NO
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
A false sense of security is worse than no security at all, see --disclaimer
That run was on a Red Hat 6 system, and I've anonymized some of the info.
However, it's a nice and easy test for people to check what status they are.
For example, my laptop is still not fixed, because Intel has not released all the firmware, which means Mageia cannot provide a fix for variant 2 yet on all systems.
While AMD has released firmware updates, the fix is not yet in them; again, Mageia can't do anything about this, as the microcode is proprietary, i.e. not open source.
Your mileage will therefore vary.
Regards, Peter
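
Added example, not part of the original post or of the spectre-meltdown-checker project: a small shell filter that reduces a report like the one quoted above to one line per CVE and lists anything not reported as NOT VULNERABLE, which is handy when checking several machines. The function names are made up for this example, and the embedded sample is trimmed from the output in the post.

```shell
#!/bin/sh
# summarize_checker: read a spectre-meltdown-checker text report on stdin and
# print one "CVE<TAB>STATUS" line per vulnerability section.
summarize_checker() {
    esc=$(printf '\033')
    # Strip ANSI colour escapes in case the report was captured from a terminal.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        /^[ \t]*CVE-[0-9]+-[0-9]+/ { cve = $1; next }   # section header
        /^[ \t]*> STATUS:/ && cve != "" {
            status = $0
            sub(/^[ \t]*> STATUS:[ \t]*/, "", status)   # drop the prefix
            sub(/[ \t]*\(.*$/, "", status)               # drop the "(reason)" part
            printf "%s\t%s\n", cve, status
            cve = ""
        }
        # A section that was cut off before its STATUS line is reported, not hidden.
        END { if (cve != "") printf "%s\tNO STATUS LINE\n", cve }
    '
}

# list_vulnerable: print the CVEs whose status is anything other than
# "NOT VULNERABLE"; return 1 if there is at least one, 0 otherwise.
list_vulnerable() {
    out=$(summarize_checker | awk -F '\t' '$2 != "NOT VULNERABLE" { print $1 }')
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Sample input: header and STATUS lines trimmed from the report in the post.
sample_report() {
cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: YES
> STATUS: NOT VULNERABLE (84 opcodes found, which is >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Kernel compiled with retpoline option: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
EOF
}

sample_report | summarize_checker
```

To use it on a real run, pipe the checker's output into `summarize_checker` or `list_vulnerable` instead of `sample_report`.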