peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2025-07-16 07:41:21 +02:00
Code Issues Projects Releases Wiki Activity

Added support for MDS related vulnerabilities (#282)

Browse Source
This commit is contained in:
Agata Gruza
2019-05-14 10:21:20 -07:00
committed by Stéphane Lesimple
parent d547ce4ab4
commit 8e870db4f5
2 changed files with 242 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -1,7 +1,7 @@
Spectre & Meltdown Checker
==========================
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018.
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018.
- CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
- CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
- CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
@ -10,6 +10,10 @@ A shell script to tell if your system is vulnerable against the several "specula
- CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
- CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
- CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'
- CVE-2018-12126 [MSBDS] Microarchitectural Store Buffer Data Sampling
- CVE-2018-12130 [MFBDS] Microarchitectural Fill Buffer Data Sampling
- CVE-2018-12127 [MLPDS] Microarchitectural Load Port Data Sampling
- CVE-2019-11091 [MDSUM] Microarchitectural Data Sampling Uncacheable Memory
Supported operating systems:
- Linux (all versions, flavors and distros)
@ -129,6 +133,14 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
updated kernel (with L1d flush)
- Performance impact of the mitigation: low to significant
**CVE-2018-12126** [MSBDS] Microarchitectural Store Buffer Data Sampling
**CVE-2018-12130** [MFBDS] Microarchitectural Fill Buffer Data Sampling
**CVE-2018-12127** [MLPDS] Microarchitectural Load Port Data Sampling
**CVE-2019-11091** [MDSUM] Microarchitectural Data Sampling Uncacheable Memory
- Impact: Kernel
- Mitigation: microcode update + kernel update making possible to protect various CPU internal buffers from unprivilaged speculative access to data
## Understanding what this script does and doesn't
This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the collectively named "speculative execution" vulnerabilities. It doesn't attempt to run any kind of exploit, and can't guarantee that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place.