commit
1c793775ba
|
@ -2,16 +2,12 @@ Spectre & Meltdown Checker
|
|||
==========================
|
||||
|
||||
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018.
|
||||
|
||||
This includes:
|
||||
- CVE-2017-5753 aka Spectre Variant 1
|
||||
- CVE-2017-5715 aka Spectre Variant 2
|
||||
- CVE-2017-5754 aka Meltdown or Variant 3
|
||||
- CVE-2018-3640 aka Variant 3a
|
||||
- CVE-2018-3639 aka Variant 4
|
||||
|
||||
**Note: as CVE-2018-3639 and CVE-2018-3640 are extremely recent (published on May 21th 2018), expect frequent changes of the script in the next days to adjust detection.**
|
||||
|
||||
Supported operating systems:
|
||||
- Linux (all versions, flavors and distros)
|
||||
- BSD (FreeBSD, NetBSD, DragonFlyBSD)
|
||||
|
|
|
@ -124,6 +124,8 @@ opt_verbose=1
|
|||
opt_variant1=0
|
||||
opt_variant2=0
|
||||
opt_variant3=0
|
||||
opt_variant3a=0
|
||||
opt_variant4=0
|
||||
opt_allvariants=1
|
||||
opt_no_sysfs=0
|
||||
opt_sysfs_only=0
|
||||
|
@ -532,7 +534,7 @@ while [ -n "$1" ]; do
|
|||
shift
|
||||
elif [ "$1" = "--variant" ]; then
|
||||
if [ -z "$2" ]; then
|
||||
echo "$0: error: option --variant expects a parameter (1, 2 or 3)" >&2
|
||||
echo "$0: error: option --variant expects a parameter (1, 2, 3, 3a or 4)" >&2
|
||||
exit 255
|
||||
fi
|
||||
case "$2" in
|
||||
|
@ -2920,7 +2922,7 @@ check_variant3a()
|
|||
sys_interface_available=0
|
||||
msg=''
|
||||
|
||||
_info_nol " * CPU microcode mitigates the vulnerability: "
|
||||
_info_nol "* CPU microcode mitigates the vulnerability: "
|
||||
if [ -n "$cpuid_ssbd" ]; then
|
||||
# microcodes that ship with SSBD are known to also fix variant3a
|
||||
# there is no specific cpuid bit as far as we know
|
||||
|
@ -2953,7 +2955,7 @@ check_variant4()
|
|||
sys_interface_available=1
|
||||
fi
|
||||
if [ "$opt_sysfs_only" != 1 ]; then
|
||||
_info_nol " * Kernel supports speculation store bypass: "
|
||||
_info_nol "* Kernel supports speculation store bypass: "
|
||||
if [ "$opt_live" = 1 ]; then
|
||||
if grep -Eq 'Speculation.?Store.?Bypass:' /proc/self/status 2>/dev/null; then
|
||||
kernel_ssb='found in /proc/self/status'
|
||||
|
|
Loading…
Reference in New Issue