Check Linux for Spectre or Meltdown vulnerability - gHacks Tech News

Devices running Linux are affected by Spectre and Meltdown vulnerabilities as much as their Windows counterparts.

Development teams are working on updated kernels for the various distributions, and users need to update browsers and other software to protect data against potential attacks.

We have already talked about identifying whether your Windows PC or web browser is vulnerable. A recently published script does the same for Linux systems. You may use it to check whether your Linux distribution is vulnerable.

Spectre and Meltdown detection for Linux

Run the script if you want to know whether a Linux distribution is vulnerable to Spectre variant 1 and 2, or Meltdown attacks.

Check it out on the official GitHub project page. The source is available there, so you can analyze it before you run it on a system.

You may run the script without parameters to check the running kernel, or use options to check a kernel that is not running.

A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.

Without options, it'll inspect your currently running kernel. You can also specify a kernel image on the command line, if you'd like to inspect a kernel you're not running.

Here is how it works:

  • Open Terminal on the Linux system you want to check.
  • Type cd /tmp/
  • Type wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh. This downloads the script from the GitHub server.
  • Type sudo sh spectre-meltdown-checker.sh. This runs the script with elevated privileges.
  • Type the password.

The script checks each variant individually and lists its findings. If you get "status: vulnerable," the system is vulnerable to the variant. The checks for Spectre variant 2 and Meltdown reveal additional information.

A system that is vulnerable needs a kernel update to protect against potential attacks exploiting these vulnerabilities.

How you get the kernel update depends on the Linux distribution. In Linux Mint, select Menu > Administration > Update Manager to check for available updates. The updated kernel is not available yet, however.

Once you run the update, rerun the script to verify that the system is no longer vulnerable.
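To compare the results before and after an update, you can save the script's output to a file and reduce it to one verdict per variant. The following is an added example, not part of the checker project: it assumes each section of the output starts with a "CVE-" header line and ends with a "STATUS:" line, the function names are made up for illustration, and the sample output is constructed with placeholder CVE ids. It reads the first word of the verdict because a plain search for "VULNERABLE" would also match "NOT VULNERABLE".

```shell
#!/bin/sh
# Added example. Assumed layout: each section starts with a "CVE-..." header
# line and ends with a line containing "STATUS:" followed by the verdict.
# Real use: sudo sh spectre-meltdown-checker.sh > report.txt
#           summarize_status report.txt

summarize_status() {   # $1 = file holding saved checker output
    esc=$(printf '\033')
    # Drop ANSI colour sequences, then print "<section id>: <verdict>".
    sed "s/${esc}\[[0-9;]*m//g" "$1" | awk '
        /^CVE-/ { id = $1 }
        /STATUS:/ {
            sub(/^.*STATUS:[ \t]*/, "")
            # "NOT VULNERABLE" contains "VULNERABLE", so look at the first word.
            verdict = ($1 == "NOT") ? "NOT VULNERABLE" : $1
            if (id == "") id = "unknown"
            print id ": " verdict
        }'
}

count_vulnerable() {   # number of sections whose verdict is VULNERABLE
    summarize_status "$1" | awk '/: VULNERABLE$/ { n++ } END { print n + 0 }'
}

write_sample() {       # constructed output; the CVE ids are placeholders
    {
        printf '%s\n' "CVE-XXXX-0001 [placeholder] aka 'Spectre Variant 1'"
        printf '> STATUS: \033[41m VULNERABLE \033[0m (constructed reason)\n'
        printf '%s\n' "CVE-XXXX-0002 [placeholder] aka 'Spectre Variant 2'"
        printf '%s\n' "> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)"
        printf '%s\n' "CVE-XXXX-0003 [placeholder] aka 'Meltdown'"
        printf '%s\n' "> STATUS:  NOT VULNERABLE  (constructed reason)"
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
summarize_status "$sample"
echo "vulnerable sections: $(count_vulnerable "$sample")"
rm -f "$sample"
```

Run it against a report saved before the kernel update and one saved after it; the count should drop as mitigations land.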

The Spectre & Meltdown Checker supports the scanning of offline kernels as well. Use the parameter --kernel vmlinux_file for that and, if available, --config kernel_config and --map kernel_map_file as well.

Comments

  1. Luca said on January 11, 2018 at 1:52 pm

    Thank you for this useful article! :- )

  2. dark said on January 11, 2018 at 2:18 pm

    Awesome. :)

    You can also download spectre-meltdown-checker.sh to your Downloads folder, right click anywhere in Downloads folder, open terminal and then sudo sh spectre-meltdown-checker.sh

  3. leanon said on January 11, 2018 at 4:51 pm

    With my current settings Kernel 4.15.0rv7 is still vulnerable

    https://s17.postimg.org/t622qhmin/S_M.png

  4. pizza pie said on January 12, 2018 at 12:04 am

    Have you got CONFIG_PAGE_TABLE_ISOLATION ticked or set to Y?

    It’s under Kernel Hacking > Security Options and listed as
    “Remove the kernel mapping in user mode (PAGE_TABLE_ISOLATION)” about 1/3 of the way down on those options.

    So long as that’s enabled, variant 3 (Meltdown) will be mitigated.

    The other variants are gonna require cpu microcode and a kernel (and the rest) :( recompilation with an updated GCC/LLVM compiler (retpoline). Gotta wait for those new compiler patches to trickle down and then rebuild rebuild rebuild.
    In related news, Intel has released new microcode (8/1/2018) but seemingly only for architectures of the last 5 years with later ones having to wait til the end of the month, even removing 2 cpu signature versions for some reason… my ivybridge 0x000309a9 is also waiting :/
    http://metadata.ftp-master.debian.org/changelogs/non-free/i/intel-microcode/intel-microcode_3.20180108.1_changelog

  5. lehnerus2000 said on January 12, 2018 at 3:41 am

    Thanks Martin. :)

  6. ilev said on January 12, 2018 at 8:27 am

    Ashampoo Spectre Meltdown CPU Checker 1.0.0 for Windows

    https://www.ashampoo.com/en/usd/media/1304

  7. shiro said on January 12, 2018 at 4:21 pm

    Martin, when you asked about your new layout/site, I said it wasn’t my thing. That was personal taste, not something functional. This is: I keep the articles I like by printing them to pdf. This no longer works – the layout is screwed up and most parts not printed. Any chance for a return of printability or save link to pdf?

    1. Martin Brinkmann said on January 12, 2018 at 5:25 pm

      We are working on it!

      1. shiro said on January 12, 2018 at 6:44 pm

        Thanks!!

  8. Jason said on January 12, 2018 at 9:42 pm

    Nice find, Martin. I’m getting “not vulnerable” on the first question (CPU microcode) on Variant 1, and also on Variant 3. I believe the Variant 3 stuff was patched when I updated to kernel 4.13 a couple of days ago. The CPU microcode thing just got patched moments ago when I installed the new Intel microcode.

    Still a long way to go before all those red flags go away…. If I’ve understood correctly, we’re talking months, not days, right?

  9. Curt Vaughan said on January 13, 2018 at 8:23 pm

    Interesting – there is a script available from Intel called “intel_sa00086.py” which claims to check for kernel patch vulnerabilities. On my Dell XPS 13, running Mint 18.3 Cinnamon with kernel 4.10.0-42, it claims I’m patched and safe. Your script indicates “Vulnerable” with each of your tests. This machine has the latest Dell BIOS update supposedly addressing this issue, which I downloaded and applied two days ago. I’m inclined to think Intel’s test to be a bit optimistic. It is my hope that both Dell (and other vendors) and Intel are aware of these inconsistencies.

    Thanks for your efforts!

  10. vas87 said on January 15, 2018 at 12:56 pm

    Hi Martin,
    I have run your script on my linux box. From the various status results, I got one status as vulnerable.

    STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability

    Can I check using some steps, that the above result is not false-positive ???

    Thanks.

    1. Martin Brinkmann said on January 15, 2018 at 1:02 pm

      I suggest you check which kernel you run and then with your distro to find out which kernel includes the patches.

    2. dark said on January 16, 2018 at 7:17 pm

      It's likely going to take months to patch variant 2 vulnerability.
      Variant 1 is patched with CPU microcode updates I think.
      Variant 3 is patched in Linux kernel.

  11. Michael H said on January 23, 2018 at 4:03 pm

    To patch variant 3 (Page Table Isolation), is a 64 bit OS required? I run 32 bit Linux Mint and after running the script, it shows “vulnerable” for this variant.

  12. WRR said on January 24, 2018 at 9:21 pm

    I am not sure I trust this – I happen to have access to an Itanium system, and the script tags it as vulnerable, in spite of the fact that the IA64 architecture is not vulnerable to these attacks.
