CNXSoft – Embedded Systems News

Check for Spectre, Meltdown, and L1 Terminal Fault Vulnerabilities with Spectre-meltdown-checker Script

Yesterday, we wrote a little bit about the new speculative execution vulnerability known as L1 Terminal Fault (L1TF) or Foreshadow, and a reader – MHSadri – pointed to an interesting script that checks for all three speculative execution vulnerabilities, and runs in Linux and BSD (FreeBSD, NetBSD, DragonFlyBSD)  across multiple architectures: Intel x32, AMD64, Arm and ARM64. Other architectures will also work, but mitigation reporting may not be correct.

So I tried it on my own machine, a computer running Ubuntu 18.04 on an AMD FX8350 processor.

Installation is easy:

The developer recommends to check the script manually first, just for security sake. You can have two way to run it: either directly inside your OS, or via docker which may be a better idea since it would not be able to mess with your system especially I had to run it with sudo to avoid permission issues.

Here’s the full output while running the script in a terminal window in my computer:

So if I read that right my machine implements mitigation for all variant of Spectre and Meltdown, and is not affected by L1 terminal fault as expected for an AMD processor.

However, trying on some remote computer with an Intel Xeon processor tells a different story:

The system is not only vulnerable to L1 terminal fault, but also to Meltdown variant 3a and 4. Other variants of Spectre and Meltdown (not shown) are “NOT VULNERABLE” with mitigations already implemented.