Maybe of use to some of you:
https://github.com/speed47/spectre-meltdown-checker
(Browse the code before running it)
Script to check for Meltdown and/or Spectre vulnerability
Script to check for Meltdown and/or Spectre vulnerability
Chris
MX 18 MX 19 - Manjaro
MX 18 MX 19 - Manjaro
- BrianLinuxing
- Posts: 1
- Joined: Sat Dec 30, 2017 7:16 am
Re: Script to check for Meltdown and/or Spectre vulnerability
Yeah Chris, its a curate's egg that script.
I've been running it since its first few released versions.
Not much good on ARM, or on my (patched) iMac running 4.14, but hopefully it will be fixed over time.
I've been running it since its first few released versions.
Not much good on ARM, or on my (patched) iMac running 4.14, but hopefully it will be fixed over time.
Re: Script to check for Meltdown and/or Spectre vulnerability
run script with latest liquorix kernel, this is what i got on my old pc e5400.
You do not have the required permissions to view the files attached to this post.
MX-17.1_x64 Horizon, G41M-P33 Combo (MS-7592), Pentium E5400 (2706 MHz), 8Gb RAM (984 MT/s),
Intel 4 Series Integrated Graphics, Realtek PCIe Fast RTL8101/2/6E, PCI Gigabit RTL8169 Ethernets.
Accepted Linux when i found MX-Linux in 2016.
Intel 4 Series Integrated Graphics, Realtek PCIe Fast RTL8101/2/6E, PCI Gigabit RTL8169 Ethernets.
Accepted Linux when i found MX-Linux in 2016.
Re: Script to check for Meltdown and/or Spectre vulnerability
AMD looks a bit better, but Spectre variant 1 looks like it will be a long-term problem.
You do not have the required permissions to view the files attached to this post.
HP Pavillion TP01, AMD Ryzen 3 5300G (quad core), Crucial 500GB SSD, Toshiba 6TB 7200rpm
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB
Re: Script to check for Meltdown and/or Spectre vulnerability
I get the same as Tim on my AMD with the 4.14.0-3 kernel installed from MXPI Popular packages>Kernel. From what I have read the Spectre Vulnerability is less likely. Whether it is or not, not much can be done at this point. Also keep browsers up to date. Latest FF is hardened and Goggle Chrome should be within the next few days.
Forum Rules
Guide - How to Ask for Help
richb Administrator
System: MX 23 KDE
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB
Guide - How to Ask for Help
richb Administrator
System: MX 23 KDE
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB
Re: Script to check for Meltdown and/or Spectre vulnerability (Updated)
Here's a test specifically for Spectre vulnerability in Browsers:
http://xlab.tencent.com/special/spectre ... check.html
http://xlab.tencent.com/special/spectre ... check.html
Chris
MX 18 MX 19 - Manjaro
MX 18 MX 19 - Manjaro
Re: Script to check for Meltdown and/or Spectre vulnerability
Downloaded from github and my new Intel mobile quad core Pentium running MX-17 and old Atom (manufactured in 2011) running MX-16 PAE or Liquorix are "vulnerable" through and through. I'd read that Atom CPUs more than 5 years old are not vulnerable, but there's a lot of misinformation out there about S&M or maybe the script doesn't comprehend Atom. I'll have to look at the script more closely.
I wonder when the new kernels will float downstream to MX to at least reduce my vulnerabilities. I was hoping I could just use my Atom for javascript browsing. I just installed fresh Ubuntu Mate on my PPC G4 Mac-Mini. Maybe it's safe from S&M. Too bad PPC support is dropping like files--especially given S&M these days.
I wonder when the new kernels will float downstream to MX to at least reduce my vulnerabilities. I was hoping I could just use my Atom for javascript browsing. I just installed fresh Ubuntu Mate on my PPC G4 Mac-Mini. Maybe it's safe from S&M. Too bad PPC support is dropping like files--especially given S&M these days.
Re: Script to check for Meltdown and/or Spectre vulnerability
Just backported the latest intel-microcode from Sid, the script is now a little better:
For my i5-6200U CPU.
The Debian changelog also mentions this mitigation. The new microcode should come down the pipe soon, but requires a reboot in order to load.
Code: Select all
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: YES
The Debian changelog also mentions this mitigation. The new microcode should come down the pipe soon, but requires a reboot in order to load.
Re: Script to check for Meltdown and/or Spectre vulnerability
The changes in the kernels to mitigate Meltdown are currently only for 64-bit. It's hard to find any explanation online as to why this situation happened, though. O̶n̶e̶ ̶A̶r̶c̶h̶ ̶u̶s̶e̶r̶ ̶r̶e̶p̶o̶r̶t̶s̶ ̶t̶h̶a̶t̶ ̶h̶i̶s̶ ̶3̶2̶-̶b̶i̶t̶ ̶k̶e̶r̶n̶e̶l̶ ̶h̶a̶s̶ ̶K̶P̶T̶I̶ ̶m̶i̶t̶i̶g̶a̶t̶i̶o̶n̶ ̶w̶o̶r̶k̶i̶n̶g̶.̶.̶.̶w̶h̶i̶c̶h̶ ̶s̶e̶e̶m̶s̶ ̶o̶d̶d̶,̶ ̶s̶i̶n̶c̶e̶ ̶I̶ ̶t̶h̶o̶u̶g̶h̶t̶ ̶A̶r̶c̶h̶ ̶d̶r̶o̶p̶p̶e̶d̶ ̶3̶2̶-̶b̶i̶t̶ ̶s̶u̶p̶p̶o̶r̶t̶.̶ Edit: Sorry, it was a 64-bit kernel, my mistake.calinb wrote:Downloaded from github and my new Intel mobile quad core Pentium running MX-17 and old Atom (manufactured in 2011) running MX-16 PAE or Liquorix are "vulnerable" through and through. I'd read that Atom CPUs more than 5 years old are not vulnerable, but there's a lot of misinformation out there about S&M or maybe the script doesn't comprehend Atom. I'll have to look at the script more closely.
I wonder when the new kernels will float downstream to MX to at least reduce my vulnerabilities. I was hoping I could just use my Atom for javascript browsing. I just installed fresh Ubuntu Mate on my PPC G4 Mac-Mini. Maybe it's safe from S&M. Too bad PPC support is dropping like files--especially given S&M these days.
Re: Script to check for Meltdown and/or Spectre vulnerability
Good info, Stevo. Thanks! Hopefully at least 64-bit will be along soon. I could build a kernel myself, but haven't done it in years. If I resort to rolling my own, hopefully it will not be difficult to make a more resistant 32-bit kernel too. From my past experiences, the Gentoo forum may be of some assistance. Gentoo still supports PPC!Stevo wrote: The changes in the kernels to mitigate Meltdown are currently only for 64-bit. It's hard to find any explanation online as to why this situation happened, though. O̶n̶e̶ ̶A̶r̶c̶h̶ ̶u̶s̶e̶r̶ ̶r̶e̶p̶o̶r̶t̶s̶ ̶t̶h̶a̶t̶ ̶h̶i̶s̶ ̶3̶2̶-̶b̶i̶t̶ ̶k̶e̶r̶n̶e̶l̶ ̶h̶a̶s̶ ̶K̶P̶T̶I̶ ̶m̶i̶t̶i̶g̶a̶t̶i̶o̶n̶ ̶w̶o̶r̶k̶i̶n̶g̶.̶.̶.̶w̶h̶i̶c̶h̶ ̶s̶e̶e̶m̶s̶ ̶o̶d̶d̶,̶ ̶s̶i̶n̶c̶e̶ ̶I̶ ̶t̶h̶o̶u̶g̶h̶t̶ ̶A̶r̶c̶h̶ ̶d̶r̶o̶p̶p̶e̶d̶ ̶3̶2̶-̶b̶i̶t̶ ̶s̶u̶p̶p̶o̶r̶t̶.̶ Edit: Sorry, it was a 64-bit kernel, my mistake.
Speaking of PPC, I did a little research and I could find no one who has demonstrated a vulnerability in my Mac Mini's 7447a PPC CPU. It may be a case of not enough attention though, which is both bad and good (less helpful research but also not a prime target for hackers). An attack has been demonstrated on a G5 CPU, however, but the same attack reportedly leaked nothing from a 7447a.