Meltdown: another PoC in the wild
Pavel Boldin published a new PoC exploit for the Meltdown vulnerability that works on Linux, written in C.
"Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache."
Can only dump linux_proc_banner at the moment, since it requires the accessed memory to be in cache, and linux_proc_banner is cached on every read from /proc/version. Might work with prefetch.
Build and run
Build with make, run with ./run.sh.
Can't defeat KASLR yet, so you may need to enter your password to find linux_proc_banner in /proc/kallsyms (or do it manually).
If it compiles but fails with Illegal instruction, then either your hardware is very old or it is a VM. Try compiling with:
$ make CFLAGS=-DHAVE_RDTSCP=0 clean all
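The Illegal instruction failure happens because the PoC defaults to using RDTSCP, which older CPUs and some hypervisors do not expose. The following check is an added example, not code from the PoC repository: it queries CPUID extended leaf 0x80000001 (RDTSCP is advertised in EDX bit 27) and tells you which of the two make invocations above to use. The function names are my own.

```c
/* Added example: check whether this CPU advertises RDTSCP before building
 * the PoC. RDTSCP support is CPUID.80000001H:EDX[bit 27] on both Intel
 * and AMD; a VM that masks it will make a HAVE_RDTSCP=1 build die with
 * SIGILL ("Illegal instruction"). */
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* __get_cpuid(): GCC/Clang wrapper around CPUID */
#endif

#define RDTSCP_EDX_BIT 27u

/* Pure helper: does an extended-feature EDX word advertise RDTSCP? */
int edx_has_rdtscp(unsigned int edx)
{
    return (int)((edx >> RDTSCP_EDX_BIT) & 1u);
}

/* 1 = RDTSCP available, 0 = not advertised, -1 = cannot be queried
 * (non-x86 build, or the CPU lacks extended leaf 0x80000001). */
int cpu_has_rdtscp(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    /* __get_cpuid returns 0 when the requested leaf is unsupported. */
    if (!__get_cpuid(0x80000001u, &eax, &ebx, &ecx, &edx))
        return -1;
    return edx_has_rdtscp(edx);
#else
    return -1;
#endif
}

/* Map the probe result to the build command from the README; when the
 * answer is unknown, fall back to the RDTSC-only build. */
const char *suggested_build(int has_rdtscp)
{
    return has_rdtscp == 1 ? "make"
                           : "make CFLAGS=-DHAVE_RDTSCP=0 clean all";
}

int main(void)
{
    int r = cpu_has_rdtscp();
    printf("RDTSCP: %s\n", r == 1 ? "available"
                         : r == 0 ? "not advertised" : "unknown");
    printf("build with: %s\n", suggested_build(r));
    return 0;
}
```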
Pandora's box is open.
Vulnerable CPUs list
Here is the list (continuously updated): https://github.com/paboldin/meltdown-exploit/issues/19