Автор Тема: Как проверить наличие уязвимости Spectre и Meltdown  (Прочитано 729 раз)

hades

  • Administrator
  • Майнер
  • *****
  • Сообщений: 77
Копируем скрипт на машину:

Цитировать
$ cd /tmp/
$ wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

или

Цитировать
git clone https://github.com/speed47/spectre-meltdown-checker.git

Запускаем скрипт:
Цитировать
sudo sh spectre-meltdown-checker.sh


Далее будет вывод похожий на это:

Цитировать
$ sudo sh spectre-meltdown-checker.sh
[sudo] password for hades:
Spectre and Meltdown mitigation detection tool v0.20

Checking for vulnerabilities against live running kernel Linux 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64
Will use vmlinux image /boot/vmlinuz-4.4.0-104-generic
Will use kconfig /boot/config-4.4.0-104-generic
Will use System.map file /proc/kallsyms

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO  (only 38 opcodes found, should be >= 70)
> STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO
* PTI enabled and active:  NO
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)


hades

  • Administrator
  • Майнер
  • *****
  • Сообщений: 77
Re: Как проверить наличие уязвимости Spectre и Meltdown
« Ответ #1 : Января 10, 2018, 09:45:50 pm »
После обновления ядра на версию Linux 4.4.0-109-generic #132-Ubuntu SMP Tue Jan 9 19:52:39 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Цитировать
linux-meta (4.4.0.109.114) xenial; urgency=low

  * Bump ABI 4.4.0-109

 -- Leann Ogasawara <[email protected]>  Tue, 09 Jan 2018 18:47:21 -0800

linux-meta (4.4.0.108.113) xenial; urgency=medium

  * Bump ABI 4.4.0-108

 -- Marcelo Henrique Cerri <[email protected]>  Sun, 07 Jan 2018 12:33:48 -0200

linux-meta (4.4.0.107.112) xenial; urgency=medium

  * Bump ABI 4.4.0-107

 -- Kleber Sacilotto de Souza <[email protected]>  Sat, 06 Jan 2018 17:45:31 +0100

linux-meta (4.4.0.106.111) xenial; urgency=medium

  * Bump ABI 4.4.0-106

 -- Kleber Sacilotto de Souza <[email protected]>  Fri, 05 Jan 2018 20:20:04 +0100

linux-meta (4.4.0.105.110) xenial; urgency=medium

  * Bump ABI 4.4.0-105