Check for Spectre, Meltdown, and L1 Terminal Fault Vulnerabilities with Spectre-meltdown-checker Script

Yesterday, we wrote a little bit about the new speculative execution vulnerability known as L1 Terminal Fault (L1TF) or Foreshadow, and a reader, MHSadri, pointed to an interesting script, spectre-meltdown-checker, that checks for all three families of speculative execution vulnerabilities (Spectre, Meltdown and L1TF). It runs on Linux and BSD (FreeBSD, NetBSD, DragonFlyBSD) on x86 (32- and 64-bit), ARM and ARM64. Other architectures will also work, but mitigation reporting may not be correct.

So I tried it on my own machine, a computer running Ubuntu 18.04 on an AMD FX8350 processor.

Installation is easy:


The developer recommends reading the script before running it, as you should with anything you are about to run as root. There are two ways to run it: directly on your system, or inside a Docker container, which limits what the script can touch. Either way it needs privileges: I had to run it with sudo to avoid permission issues, because it reads the kernel image and configuration as well as CPU model-specific registers. Note that a container still runs on the host kernel and CPU, so it reports the host's status, not the container's.

Here’s the full output from running the script in a terminal window on my computer:


So if I read that right, my machine has mitigations for all variants of Spectre and Meltdown, and is not affected by L1 Terminal Fault, as expected for an AMD processor.

However, trying it on a remote computer with an Intel Xeon processor tells a different story:


That system is not only vulnerable to L1 Terminal Fault, but also to variant 3a (rogue system register read) and variant 4 (speculative store bypass). The other Spectre and Meltdown variants (not shown) are reported as “NOT VULNERABLE”, with mitigations already in place. This pattern is typical of a server that has received kernel updates but no CPU microcode update: the fix for variant 3a is delivered as microcode only, variant 4 needs microcode (SSBD) plus kernel support, and L1TF mitigation requires a kernel updated after the August 2018 disclosure. So check the distribution's microcode package and kernel version before concluding that the hardware cannot be fixed.
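To cross-check what the script says, the kernel itself publishes the same verdicts, and spectre-meltdown-checker reports them as “Mitigated according to the /sys interface” when they are present. The shell script below is an added example written for this page; it is not part of the original post and not code from spectre-meltdown-checker. It assumes a Linux kernel new enough to expose /sys/devices/system/cpu/vulnerabilities/ (4.15 or later, or a distribution backport, for meltdown/spectre_v1/spectre_v2; later for spec_store_bypass and l1tf) and a “bugs” line in /proc/cpuinfo; the sample sysfs and cpuinfo contents used to exercise it are constructed. It classifies each entry by its prefix (the l1tf text “Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable” contains the word “vulnerable” but is a mitigation), counts the vulnerable ones, and extracts the cpuinfo flags, which is the same data behind the “bugs” line one reader discusses in the comments.

```shell
#!/bin/sh
# Added example for this page, not code from the CNX Software post or from
# spectre-meltdown-checker. Summarise what the running Linux kernel itself
# reports about speculative-execution issues.
#
# Since Linux 4.15 (and distribution backports) the kernel exposes one file per
# known issue in /sys/devices/system/cpu/vulnerabilities/: meltdown, spectre_v1,
# spectre_v2, and later spec_store_bypass (variant 4) and l1tf. Each holds one
# line beginning "Not affected", "Mitigation: ..." or "Vulnerable[: ...]".
# The "bugs" line of /proc/cpuinfo lists the same issues as flags
# (cpu_meltdown, spectre_v1, ...) without the mitigation status.
# Caveat: a kernel too old to know about an issue simply has no file for it;
# that absence must not be read as "not affected".

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status "LINE": map one sysfs line to NOT_AFFECTED, MITIGATED,
# VULNERABLE or UNKNOWN. Only the prefix matters: mitigation text such as
# "Mitigation: PTE Inversion; VMX: ..., SMT vulnerable" is still a mitigation.
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# report_dir DIR: one line per entry, "<name> <CLASS> <raw kernel text>".
report_dir() {
    if [ ! -d "$1" ]; then
        echo "no $1: this kernel predates the sysfs vulnerability interface" >&2
        return 1
    fi
    for f in "$1"/*; do
        [ -r "$f" ] || continue
        line=$(cat "$f")
        printf '%-20s %-13s %s\n' "$(basename "$f")" "$(classify_status "$line")" "$line"
    done
}

# count_vulnerable DIR: number of entries the kernel marks "Vulnerable".
count_vulnerable() {
    n=0
    for f in "$1"/*; do
        [ -r "$f" ] || continue
        if [ "$(classify_status "$(cat "$f")")" = VULNERABLE ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# cpuinfo_bugs FILE: the de-duplicated "bugs" flags from a /proc/cpuinfo-style
# file (the line is repeated once per logical CPU). Empty on pre-4.15 kernels,
# which only carry the legacy fdiv_bug/f00f_bug/coma_bug fields.
cpuinfo_bugs() {
    sed -n 's/^bugs[[:space:]]*:[[:space:]]*//p' "$1" | sort -u | tr '\n' ' ' | sed 's/ *$//'
}

# main: report on the live system. No root needed: these files are
# world-readable, unlike the kernel image and MSRs the checker script reads.
main() {
    echo "== $VULN_DIR =="
    report_dir "$VULN_DIR" || true
    echo "vulnerable entries: $(count_vulnerable "$VULN_DIR")"
    echo "== /proc/cpuinfo bugs =="
    [ -r /proc/cpuinfo ] && cpuinfo_bugs /proc/cpuinfo
    echo
}

main "$@"
```

Run it as `sh speccheck.sh` on the machine in question. A non-zero “vulnerable entries” count is the quick signal; the raw kernel text beside each entry tells you whether the gap is a missing microcode update (“Vulnerable: No microcode”) or a kernel that lacks the mitigation. On kernels older than 4.15 the directory does not exist and the script says so on stderr rather than reporting a clean system.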

5 Comments
ahmad
1 year ago

In my system Laravel will not install, anyone to help me?

blu
1 year ago

A nifty script, with one remark: on arm big.LITTLE it reports the CPU as the first encountered uarch, even though the checks are performed against all present uarchs — so for instance a machine with big A72 cores is properly identified as vulnerable to Spectre variants 1, 2, 3a & 4, even though the CPU might be reported as A53.

willy
1 year ago

I hate running unknown tools under sudo and preferred to read it first. That’s a very well written script, like I’ve not seen for a long time. And in addition it’s useful, maybe it will remind many admins that it’s still possible to write useful tools without having to install $whatever_new_language_of_the_day. As is often the case, well written scripts work well 🙂 Just an advice to the author, instead of requiring sudo for the whole script, it’s often better to have a SUDO variable in it for the rare commands that require sudo, and ask users to run “SUDO=sudo ./script”.…

MHSadri
1 year ago

@cnx-software, using AMD CPU? Other people are not so lucky! See some pretty shocking stats about the effectiveness of those flaws in clouds, VPSes, laptops, desktops, … as well as software (Web Browsers, OS, Antivirus, …) Summary of the patch status for Meltdown / Spectre https://github.com/hannob/meltdownspectre-patches Meltdown and Spectre .. for normal people: https://github.com/neuhalje/presentation_meltdown_spectre https://meltdownattack.com/meltdown.pdf So, according to the results, if you are browsing the web, you may be targeted by hackers’ espionage through the browser’s other tab! Multi-tab browsers became the new toy in the hands of hackers / intelligence agencies to get what they are looking for! I have…

sander
1 year ago

Check out “bug” in /proc/cpuinfo:

My brandnew i3 (with Linux 4.1something)
$ grep bug /proc/cpuinfo | sort -u
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass

An old XEON (with Linux 3.something)
$ grep bug /proc/cpuinfo | sort -u
fdiv_bug : no
f00f_bug : no
coma_bug : no

An old Atom (with Linux 3.something)
$ grep bug /proc/cpuinfo | sort -u
coma_bug : no
f00f_bug : no
fdiv_bug : no
