Check your system for several "speculative execution" vulnerabilities with a single bash script
After the first disclosure of the speculative execution CVEs affecting CPUs (Meltdown and Spectre), many researchers started analyzing processors in order to find other vulnerabilities and possible exploitation techniques.
Just a few days ago, a new speculative execution attack on Intel processors was disclosed.
Named "Foreshadow", it allows an attacker to steal sensitive information stored inside personal computers or third-party clouds.
The technique comes in two "flavours": the original attack, designed to extract data from Intel SGX enclaves, and a Next-Generation version (Foreshadow-NG) which affects virtual machines, hypervisors, kernel memory, and System Management Mode memory.
https://youtu.be/ynB1inl4G3c
So the list of vulnerabilities is already pretty long, and an automated tool that checks your system for these CVEs can be really useful.
Luckily, Stéphane Lesimple has released a bash script, dubbed "spectre-meltdown-checker", that scans the local system and reports whether the CPU/kernel is currently vulnerable to each known speculative execution attack.
The tool is updated frequently in order to keep up with newly disclosed vulnerabilities.
The latest version checks for these CVEs:
- CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
- CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
- CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
- CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
- CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
- CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow & Foreshadow-NG'
Which operating systems are supported?
The script is developed for Linux systems, where it detects mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution; it also runs correctly on BSD:
Supported operating systems:
- Linux (all versions, flavors and distros)
- BSD (FreeBSD, NetBSD, DragonFlyBSD)
Supported architectures:
- x86 (32 bits)
- amd64/x86_64 (64 bits)
- ARM and ARM64
- other architectures will work, but mitigations (if they exist) might not always be detected
How to use the script?
Stéphane Lesimple has also registered a dedicated domain (meltdown.ovh) that serves the latest version of the script, to simplify downloading and running the tool on your Linux box:
- Get the latest version of the script using curl or wget:
curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
wget https://meltdown.ovh -O spectre-meltdown-checker.sh
- Inspect the script. You never blindly run scripts you downloaded from the Internet, do you? The short domain is only a convenience: compare what you got with the copy in the project's GitHub repository (speed47/spectre-meltdown-checker) before running it.
vim spectre-meltdown-checker.sh
- When you're ready, run the script as root (without root several checks cannot be performed, and the corresponding results are reported as unknown):
chmod +x spectre-meltdown-checker.sh
sudo ./spectre-meltdown-checker.sh
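Part of what the script looks at is, on recent kernels, exposed by the kernel itself: since Linux 4.15 each variant the running kernel knows about has a status file under /sys/devices/system/cpu/vulnerabilities/. The following is an added example (my own, not code from this post or from spectre-meltdown-checker) that reads that directory and maps each entry to the CVE ids listed above. The entry names and the "Not affected" / "Mitigation: ..." / "Vulnerable..." wording are the kernel's; the function names, the entry-to-CVE mapping (assembled from the list in this post) and the exit codes are my own choices. It takes an optional directory argument, so you can also run it on a copy of the tree gathered from another host, or on a constructed one:

```shell
#!/bin/sh
# Added example, not part of the original post or of spectre-meltdown-checker:
# read the kernel's per-vulnerability status files under
# /sys/devices/system/cpu/vulnerabilities/ (present since Linux 4.15) and map
# each entry to the CVE ids named in the post. Exit codes are this example's
# own convention: 0 nothing vulnerable, 1 no sysfs interface, 2 vulnerable.

# Map a sysfs entry name to its CVE id(s). Names are the kernel's; newer
# kernels add entries that are not in the post's list and come out "unknown".
cve_for_sysfs_entry() {
    case "$1" in
        spectre_v1)        echo "CVE-2017-5753" ;;
        spectre_v2)        echo "CVE-2017-5715" ;;
        meltdown)          echo "CVE-2017-5754" ;;
        spec_store_bypass) echo "CVE-2018-3639" ;;
        l1tf)              echo "CVE-2018-3615 CVE-2018-3620 CVE-2018-3646" ;;
        *)                 echo "unknown" ;;
    esac
}

# Classify one status string the way the kernel formats it.
# "Vulnerable: <detail>" means a mitigation is present but incomplete
# (e.g. a kernel built without retpoline support), so it still counts as VULN.
classify_status() {
    case "$1" in
        "Not affected"|"Mitigation:"*) echo "OK" ;;
        "Vulnerable"*)                 echo "VULN" ;;
        *)                             echo "UNKNOWN" ;;
    esac
}

# Print one line per entry: <entry> <verdict> <CVEs> <raw kernel status>.
# $1 = directory to scan; defaults to the live sysfs path.
# Returns 0 if nothing is VULN, 2 if at least one entry is, 1 if the
# directory does not exist (kernel older than 4.15, or not Linux).
sysfs_vuln_report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel too old for the sysfs interface, or not Linux" >&2
        return 1
    fi
    found_vuln=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # empty dir: glob stays literal
        name=${f##*/}
        status=$(cat "$f")
        verdict=$(classify_status "$status")
        if [ "$verdict" = "VULN" ]; then
            found_vuln=1
        fi
        printf '%-18s %-7s %-42s %s\n' \
            "$name" "$verdict" "$(cve_for_sysfs_entry "$name")" "$status"
    done
    if [ "$found_vuln" -eq 1 ]; then
        return 2
    fi
    return 0
}

# Number of VULN entries, as a single integer for monitoring scripts.
count_vulnerable() {
    sysfs_vuln_report "$1" 2>/dev/null | grep -c ' VULN ' || true
}

# Run the report only when executed under its own file name (sysfs_vulns.sh),
# so the file can also be sourced as a small library.
case "${0##*/}" in
    sysfs_vulns.sh) sysfs_vuln_report "$@" ;;
esac
```

Save it as sysfs_vulns.sh and run `sh sysfs_vulns.sh`; an exit status of 2 means at least one VULN line. Note what this does not cover: Variant 3a (CVE-2018-3640) has no sysfs entry at all, since its fix lives in microcode, and kernels older than 4.15 have no directory. That gap is exactly why the checker does more than read sysfs (it also inspects the kernel image, its configuration and the CPU microcode, which is how it catches backported patches regardless of the version number), and why it remains the tool to run rather than this snippet.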
The output of the script is simple and understandable; here is the output on my workstation:
Yep, I know: my system is vulnerable to some of the latest attacks :-)