Spectre & Meltdown Checker: a useful utility for check your cpu's vulnerability

applications
cpu
meltdown

#1

Hi,
I found this article on ghacks that introduce Spectre & Meltdown Checker , an opensource utility for check your cpu’s vulnerability to Spectre & Meltdown:

Use:

  • download it with wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
  • Type sudo sh spectre-meltdown-checker.sh

My result is:

+Spectre and Meltdown mitigation detection tool v0.31

Checking for vulnerabilities against running kernel Linux 4.4.111-1-MANJARO #1 SMP PREEMPT Wed Jan 10 20:04:47 UTC 2018 x86_64
CPU is Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation
*     The SPEC_CTRL MSR is available:  NO 
*     The SPEC_CTRL CPUID feature bit is set:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Checking if we're running under Xen PV (64 bits):  NO 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

So, as expected, the kernel results still vulnerable to Spectre


#2

Spectre is not really something the kernel is responsible for though. As I’ve understood it, it’s a bug in the hardware design of the CPU’s.
Kernel and other software patches, like firmware, can probably mitigate some of Spectre though.


#3

This tool was also linked in the main thread Kernel Page-Table Isolation (KPTI) - severe ARM + Intel CPU bug, hits partly AMD . This is also in the repos as a package (spectre-meltdown-checker).

I’ll say here, too: please don’t post any more test results. There’s no need - every CPU is vulnerable to Spectre. This must be fixed by the vendors either via a new chip design or microcode where possible.


#4

It is also in the manjaro repo! You can install it simply with

sudo pacman -Ss spectre-meltdown-checker


#5

this package is not present in ìn the stable repos. I can see it only in AUR.


#6

I am currently at work (unfortunately not working with Manjaro) therefore I cannot check. But I installed it from the repo based on an announcement from phil 1 or 2 days ago


#7

Hi! There is a README for this tool with a disclaimer as follows:

This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the collectively named “speculative execution” vulnerabilities. It doesn’t attempt to run any kind of exploit, and can’t guarantee that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place. However, some mitigations could also exist in your kernel that this script doesn’t know (yet) how to detect, or it might falsely detect mitigations that in the end don’t work as expected (for example, on backported or modified kernels).

Your system exposure also depends on your CPU. As of now, AMD and ARM processors are marked as immune to some or all of these vulnerabilities (except some specific ARM models). All Intel processors manufactured since circa 1995 are thought to be vulnerable. Whatever processor one uses, one might seek more information from the manufacturer of that processor and/or of the device in which it runs.

The nature of the discovered vulnerabilities being quite new, the landscape of vulnerable processors can be expected to change over time, which is why this script makes the assumption that all CPUs are vulnerable, except if the manufacturer explicitly stated otherwise in a verifiable public announcement.
This tool has been released in the hope that it’ll be useful, but don’t use it to jump to conclusions about your security.

(Source: https://github.com/speed47/spectre-meltdown-checker/blob/master/README.md)


#8

I’m currently using unstable, it is definitely there, not sure if @philm moved it to stable yet.

$ pacman -Qi spectre-meltdown-checker
Name            : spectre-meltdown-checker
Version         : 0.31-1
Description     : Spectre & Meltdown Checker
Architecture    : any
URL             : https://github.com/speed47/spectre-meltdown-checker
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : bash
Optional Deps   : None
Required By     : None
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 94.00 KiB
Packager        : Philip Mueller <philm@manjaro.org>

#9

It’s not yet in stable. Altough I don’t see the “use” for it, other than running it after a microcode update to see if it fixed something.


#10

I’m curious, what is the use of testing a CPU if there in ‘no’ resolution (yet). Any distribution will make available possible fixes from upstream of with patches.

If one is able to test a CPU, one is for sure able to have knowledge of (upstream) updates/patches.

I mean, when you notice your CPU’s are ‘bad’, what do you do yourself? For there are no replacement CPU’s yet, just quick ‘fixes’

Again just curious why one would like to know if a CPU is possibly effected, they all are at the end.


#11

I think the same.


#12

My CPU is unlikely to get any microcode update any time soon, if ever. So I have to live with this vulnerability for a forseable future.


#13

Sorry, my fault. I installed it directly from mirror and had in mind, that it was in the stable repo. Sorry.


#14

And…my test results are…LOL.

Best regards.


#15

That’s easy…inquiring minds just want to know.:slightly_smiling_face:

Best regards.


#16

It is a known fact, they all ARE effected :wink: Why find out the obvious?

Good chat, again, just wondering.


#17

and yet, not every CPU is affected by all 3 found vulnerabilities and not all 3 have the same critical potential, therefore a checker tool is a good thing.


#18

You guys realise this was a backdoor right? this was designed to steal passwords from memory and access HOST memory from a Guest virtual machine. There is NO real security and there will never be. only recourse is to disconnect.