Rob Gill
GitHub
commit
1c793775ba
|
|
@ -2,16 +2,12 @@ Spectre & Meltdown Checker
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018.
|
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018.
|
||||||
|
|
||||||
This includes:
|
|
||||||
- CVE-2017-5753 aka Spectre Variant 1
|
- CVE-2017-5753 aka Spectre Variant 1
|
||||||
- CVE-2017-5715 aka Spectre Variant 2
|
- CVE-2017-5715 aka Spectre Variant 2
|
||||||
- CVE-2017-5754 aka Meltdown or Variant 3
|
- CVE-2017-5754 aka Meltdown or Variant 3
|
||||||
- CVE-2018-3640 aka Variant 3a
|
- CVE-2018-3640 aka Variant 3a
|
||||||
- CVE-2018-3639 aka Variant 4
|
- CVE-2018-3639 aka Variant 4
|
||||||
|
|
||||||
**Note: as CVE-2018-3639 and CVE-2018-3640 are extremely recent (published on May 21th 2018), expect frequent changes of the script in the next days to adjust detection.**
|
|
||||||
|
|
||||||
Supported operating systems:
|
Supported operating systems:
|
||||||
- Linux (all versions, flavors and distros)
|
- Linux (all versions, flavors and distros)
|
||||||
- BSD (FreeBSD, NetBSD, DragonFlyBSD)
|
- BSD (FreeBSD, NetBSD, DragonFlyBSD)
|
||||||
|
|
|
||||||
|
|
@ -124,6 +124,8 @@ opt_verbose=1
|
||||||
opt_variant1=0
|
opt_variant1=0
|
||||||
opt_variant2=0
|
opt_variant2=0
|
||||||
opt_variant3=0
|
opt_variant3=0
|
||||||
|
opt_variant3a=0
|
||||||
|
opt_variant4=0
|
||||||
opt_allvariants=1
|
opt_allvariants=1
|
||||||
opt_no_sysfs=0
|
opt_no_sysfs=0
|
||||||
opt_sysfs_only=0
|
opt_sysfs_only=0
|
||||||
|
|
@ -532,7 +534,7 @@ while [ -n "$1" ]; do
|
||||||
shift
|
shift
|
||||||
elif [ "$1" = "--variant" ]; then
|
elif [ "$1" = "--variant" ]; then
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
echo "$0: error: option --variant expects a parameter (1, 2 or 3)" >&2
|
echo "$0: error: option --variant expects a parameter (1, 2, 3, 3a or 4)" >&2
|
||||||
exit 255
|
exit 255
|
||||||
fi
|
fi
|
||||||
case "$2" in
|
case "$2" in
|
||||||
|
|
@ -2920,7 +2922,7 @@ check_variant3a()
|
||||||
sys_interface_available=0
|
sys_interface_available=0
|
||||||
msg=''
|
msg=''
|
||||||
|
|
||||||
_info_nol " * CPU microcode mitigates the vulnerability: "
|
_info_nol "* CPU microcode mitigates the vulnerability: "
|
||||||
if [ -n "$cpuid_ssbd" ]; then
|
if [ -n "$cpuid_ssbd" ]; then
|
||||||
# microcodes that ship with SSBD are known to also fix variant3a
|
# microcodes that ship with SSBD are known to also fix variant3a
|
||||||
# there is no specific cpuid bit as far as we know
|
# there is no specific cpuid bit as far as we know
|
||||||
|
|
@ -2953,7 +2955,7 @@ check_variant4()
|
||||||
sys_interface_available=1
|
sys_interface_available=1
|
||||||
fi
|
fi
|
||||||
if [ "$opt_sysfs_only" != 1 ]; then
|
if [ "$opt_sysfs_only" != 1 ]; then
|
||||||
_info_nol " * Kernel supports speculation store bypass: "
|
_info_nol "* Kernel supports speculation store bypass: "
|
||||||
if [ "$opt_live" = 1 ]; then
|
if [ "$opt_live" = 1 ]; then
|
||||||
if grep -Eq 'Speculation.?Store.?Bypass:' /proc/self/status 2>/dev/null; then
|
if grep -Eq 'Speculation.?Store.?Bypass:' /proc/self/status 2>/dev/null; then
|
||||||
kernel_ssb='found in /proc/self/status'
|
kernel_ssb='found in /proc/self/status'
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue