Check for Spectre, Meltdown, and L1 Terminal Fault Vulnerabilities with Spectre-meltdown-checker Script

Yesterday, we wrote a little bit about the new speculative execution vulnerability known as L1 Terminal Fault (L1TF) or Foreshadow, and a reader – MHSadri – pointed to an interesting script that checks for all three speculative execution vulnerabilities, and runs in Linux and BSD (FreeBSD, NetBSD, DragonFlyBSD)  across multiple architectures: Intel x32, AMD64, Arm and ARM64. Other architectures will also work, but mitigation reporting may not be correct.

So I tried it on my own machine, a computer running Ubuntu 18.04 on an AMD FX8350 processor.

Spectre Meltdown Foreshadow CheckerInstallation is easy:


The developer recommends to check the script manually first, just for security sake. You can have two way to run it: either directly inside your OS, or via docker which may be a better idea since it would not be able to mess with your system especially I had to run it with sudo to avoid permission issues.

Here’s the full output while running the script in a terminal window in my computer:


So if I read that right my machine implements mitigation for all variant of Spectre and Meltdown, and is not affected by L1 terminal fault as expected for an AMD processor.

However, trying on some remote computer with an Intel Xeon processor tells a different story:


The system is not only vulnerable to L1 terminal fault, but also to Meltdown variant 3a and 4. Other variants of Spectre and Meltdown (not shown) are “NOT VULNERABLE” with mitigations already implemented.

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX Rockchip RK3588 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
5 Comments
oldest
newest
ahmad
ahmad
6 years ago

in my system laravel not to instal any one to help me

blu
blu
6 years ago

A nifty script, with one remark: on arm big.LITTLE it reports the CPU as the first encountered uarch, even though the checks are performed against all present uarchs — so for instance a machine with big A72 cores is properly identified as vulnerable to Spectre variants 1, 2, 3a & 4, even though the CPU might be reported as A53.

willy
willy
6 years ago

I hate running unknown tools under sudo and preferred to read it first. That’s a very well written script, like I’ve not seen for a long time. And in addition it’s useful, maybe it will remind many admins that it’s still possible to write useful tools without having to install $whatever_new_language_of_the_day. As is often the case, well written scripts work well 🙂 Just an advice to the author, instead of requiring sudo for the whole script, it’s often better to have a SUDO variable in it for the rare commands that require sudo, and ask users to run “SUDO=sudo ./script”.… Read more »

MHSadri
MHSadri
6 years ago

@cnx-software, using AMD CPU? Other people are not so lucky! See some pretty shocking stats about the effectiveness of those flaws in clouds, VPSes laptops, desktops, … as well as softwares (Web Browsers, OS, Antivirus, …) Summary of the patch status for Meltdown / Spectre https://github.com/hannob/meltdownspectre-patches Meltdown and Spectre .. for normal people: https://github.com/neuhalje/presentation_meltdown_spectre https://meltdownattack.com/meltdown.pdf So, according to the results, if you are browsing the web, you may be targeting by hackers’ espionage through browser’s other tab! Multi-tab browsers became the new toy in the hands of hackers / intelligence agencies to get what they are looking for! I have… Read more »

sander
sander
6 years ago

Check out “bug” in /proc/cpuinfo:

My brandnew i3 (with Linux 4.1something)
$ grep bug /proc/cpuinfo | sort -u
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass

An old XEON (with Linux 3.something)
$ grep bug /proc/cpuinfo | sort -u
fdiv_bug : no
f00f_bug : no
coma_bug : no

An old Atom (with Linux 3.something)
$ grep bug /proc/cpuinfo | sort -u
coma_bug : no
f00f_bug : no
fdiv_bug : no

Boardcon Rockchip RK3588S SBC with 8K, WiFI 6, 4G LTE, NVME SSD, HDMI 2.1...