Check for Spectre, Meltdown, and L1 Terminal Fault Vulnerabilities with Spectre-meltdown-checker Script

Spectre Meltdown Foreshadow Checker

Yesterday, we wrote a little bit about the new speculative execution vulnerability known as L1 Terminal Fault (L1TF) or Foreshadow, and a reader – MHSadri – pointed to an interesting script that checks for all three speculative execution vulnerabilities, and runs in Linux and BSD (FreeBSD, NetBSD, DragonFlyBSD)  across multiple architectures: Intel x32, AMD64, Arm and ARM64. Other architectures will also work, but mitigation reporting may not be correct. So I tried it on my own machine, a computer running Ubuntu 18.04 on an AMD FX8350 processor. Installation is easy: The developer recommends to check the script manually first, just for security sake. You can have two way to run it: either directly inside your OS, or via docker which may be a better idea since it would not be able to mess with your system especially I had to run it with sudo to avoid permission issues. Here’s the full output while running the script in a terminal window …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

More Speculative Execution Exploits – Meet Foreshadow / L1 Terminal Fault

Speculative execution is a feature to speed up performance of recent processors which works by predicting and loading likely future instructions ahead of time.  The features became somewhat famous a few months ago with Meltdown and Spectre vulnerabilities exploiting the features. The exploits impact Intel, AMD, Arm, and other processors to various degrees, and since the feature is built-in into the hardware, there’s no easy fix, and instead operating systems vendors, cloud service providers, hosting services and other stakeholders implemented mitigations. While a lot of progress has been made, work is still going on with the just released Linux 4.18 still getting some code changes related to the exploits. But just as solutions were found for Spectre and Meltdown, a new speculative execution exploitation has raised its ugly head: L1 Terminal Fault also known as Foreshadow.  The new flaw appears to be just as serious, and a dedicated website has been setup. Two versions of the exploit have been announced …

Support CNX Software – Donate via PayPal or become a Patron on Patreon