mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2025-07-15 07:11:22 +02:00
Compare commits
67 Commits
Author | SHA1 | Date | |
---|---|---|---|
edebe4dcd4 | |||
83ea78f523 | |||
602b68d493 | |||
97bccaa0d7 | |||
68e619b0d3 | |||
a6f4475cee | |||
223f5028df | |||
c0108b9690 | |||
a3016134bd | |||
59d85b39c9 | |||
baaefb0c31 | |||
d452aca03a | |||
10b8d94724 | |||
8606e60ef7 | |||
6a48251647 | |||
f4bf5e95ec | |||
60eac1ad43 | |||
b3cc06a6ad | |||
5553576e31 | |||
e16ad802da | |||
29c294edff | |||
59714011db | |||
51e8261a32 | |||
2a4bfad835 | |||
7e52cea66e | |||
417d7aab91 | |||
67bf761029 | |||
0eabd266ad | |||
b77fb0f226 | |||
89c2e0fb21 | |||
b88f32ed95 | |||
7a4ebe8009 | |||
0919f5c236 | |||
de02dad909 | |||
07484d0ea7 | |||
a8b557b9e2 | |||
619b2749d8 | |||
94857c983d | |||
056ed00baa | |||
aef99d20f3 | |||
e2d7ed2243 | |||
eeaeff8ec3 | |||
f5269a362a | |||
f3883a37a0 | |||
b6fd69a022 | |||
7adb7661f3 | |||
c7892e3399 | |||
aa74315df4 | |||
0b8a09ec70 | |||
b42d8f2f27 | |||
f191ec7884 | |||
28da7a0103 | |||
ece25b98a1 | |||
889172dbb1 | |||
37ce032888 | |||
701cf882ad | |||
6a94c3f158 | |||
2d993812ab | |||
4961f8327f | |||
ecdc448531 | |||
12ea49fe0c | |||
053f1613de | |||
bda18d04a0 | |||
2551295541 | |||
d5832dc1dc | |||
d2f46740e9 | |||
2f6a6554a2 |
23
README.md
23
README.md
@ -1,20 +1,29 @@
|
||||
Spectre & Meltdown Checker
|
||||
==========================
|
||||
|
||||
A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
|
||||
A shell script to tell if your system is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
|
||||
|
||||
Without options, it'll inspect your currently running kernel.
|
||||
You can also specify a kernel image on the command line, if you'd like to inspect a kernel you're not running.
|
||||
Supported operating systems:
|
||||
- Linux (all versions, flavors and distros)
|
||||
- BSD (FreeBSD, NetBSD, DragonFlyBSD)
|
||||
|
||||
The script will do its best to detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number.
|
||||
Supported architectures:
|
||||
- x86 (32 bits)
|
||||
- amd64/x86_64 (64 bits)
|
||||
- ARM and ARM64
|
||||
- other architectures will work, but mitigations (if they exist) might not always be detected
|
||||
|
||||
For Linux systems, the script will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel.
|
||||
|
||||
For BSD systems, the detection will work as long as the BSD you're using supports `cpuctl` and `linprocfs` (this is not the case of OpenBSD for example).
|
||||
|
||||
## Easy way to run the script
|
||||
|
||||
- Get the latest version of the script using `curl` *or* `wget`
|
||||
|
||||
```bash
|
||||
curl -L meltdown.ovh -o spectre-meltdown-checker.sh
|
||||
wget meltdown.ovh -O spectre-meltdown-checker.sh
|
||||
curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
|
||||
wget https://meltdown.ovh -O spectre-meltdown-checker.sh
|
||||
```
|
||||
|
||||
- Inspect the script. You never blindly run scripts you downloaded from the Internet, do you?
|
||||
@ -74,6 +83,6 @@ Your system exposure also depends on your CPU. As of now, AMD and ARM processors
|
||||
|
||||
The nature of the discovered vulnerabilities being quite new, the landscape of vulnerable processors can be expected to change over time, which is why this script makes the assumption that all CPUs are vulnerable, except if the manufacturer explicitly stated otherwise in a verifiable public announcement.
|
||||
|
||||
Please also note that for Spectre vulnerabilities, all software can possibly be exploited, this tool only verifies that the kernel (which is the core of the system) you're using has the proper protections in place. Verifying all the other software is out of the scope of this tool. As a general measure, ensure you always have the most up to date stable versions of all the softwares you use, especially for those who are exposed to the world, such as network daemons and browsers.
|
||||
Please also note that for Spectre vulnerabilities, all software can possibly be exploited, this tool only verifies that the kernel (which is the core of the system) you're using has the proper protections in place. Verifying all the other software is out of the scope of this tool. As a general measure, ensure you always have the most up to date stable versions of all the software you use, especially for those who are exposed to the world, such as network daemons and browsers.
|
||||
|
||||
This tool has been released in the hope that it'll be useful, but don't use it to jump to conclusions about your security.
|
||||
|
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user