How to know if my Kernel version contains mitigation of "Intel Meltdown vulnerability"


#1

Hello everyone, this is my first post on the forum. How do I know if my Kernel contains the mitigation for the recent disclosed intel vulnerabilities AKA “Meltdown” as described here? My Kernel version currently is 4.9.74-2 and according to archlinux’s site, the 4.9.74-1 is still vulnerable (https://security.archlinux.org/CVE-2017-5754) and I don’t know if my version is patched with the security update. Thanks in advance.


#2

If you updated recently you should. Patched kernels were available yesterday:

There is a long discussion thread here:

Near the bottom shows how to test if installed:


#3

@fabiotk

Run

dmesg -wH | grep 'page tables isolation'

in a terminal and you should get this

Kernel/User page tables isolation: enabled

if the KPTI feature is enabled for your kernel.


#4

I guess you likely meant

dmesg | grep 'page tables isolation'

i.e. without -w, as dmesg -w would wait for new messages.


#5

You are right, there is no need for “w” since it will wait for new messages but it gets the job done:

[marte@marte-manjaro ~]$ dmesg -wH | grep 'page tables isolation'
[  +0,000000] Kernel/User page tables isolation: enabled

Thanks for the correction.


#6

#7

wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
chmod +x spectre-meltdown-checker.sh
sudo ./spectre-meltdown-checker.sh


Did the Intel microcode update 20180108 fix Spectre?