Meltdown: another PoC in the wild

Pavel Boldin published a new PoC exploit of Meltdown vulnerability working on Linux, written in C.

“Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache.”

Can only dump linux_proc_banner at the moment, since requires accessed memory to be in cache and linux_proc_banner is cached on every read from /proc/version. Might work with prefetch.


Build and run

Build with make, run with ./run.sh.

Can’t defeat KASLR yet, so you may need to enter your password to find linux_proc_banner in the /proc/kallsyms (or do it manually).

If it compiles but fails with Illegal instruction then either your hardware is very old or it is a VM. Try compiling with:

$ make CFLAGS=-DHAVE_RDTSCP=0 clean all

Pandora’s box is open.


Vulnerable CPUs list

Here the list (continuosly updated): https://github.com/paboldin/meltdown-exploit/issues/19


More information and download

Comments