Spectre & Meltdown Checker – CPU芯片漏洞检查脚本Linux版

处理器Meltdown与Spectre漏洞修复简要指南

 

Summary of the CVEs in Spectre & Meltdown Checker

CVE-2017-5753 bounds check bypass (Spectre Variant 1)

  • Impact: Kernel & all software
  • Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode at the proper positions in the resulting code
  • Performance impact of the mitigation: negligible

CVE-2017-5715 branch target injection (Spectre Variant 2)

  • Impact: Kernel
  • Mitigation 1: new opcode via microcode update that should be used by up to date compilers to protect the BTB (by flushing indirect branch predictors)
  • Mitigation 2: introducing “retpoline” into compilers, and recompile software/OS with it
  • Performance impact of the mitigation: high for mitigation 1, medium for mitigation 2, depending on your CPU

CVE-2017-5754 rogue data cache load (Meltdown)

  • Impact: Kernel
  • Mitigation: updated kernel (with PTI/KPTI patches), updating the kernel is enough
  • Performance impact of the mitigation: low to medium

There are some other more generic BASH scripts for security scanning like:

– unix-privesc-check – Unix/Linux User Privilege Escalation Scanner
– LinEnum – Linux Enumeration & Privilege Escalation Tool

You can download Spectre & Meltdown Checker here:

spectre-meltdown-checker.sh

posted @ 2018-01-11 16:41  🍍  阅读(321)  评论(0编辑  收藏  举报