Welcome!

Please read this important information about Spectre and Meltdown vulnerabilities.
Please read this important information about MX sources lists.
News
  • MX Linux on social media: here
  • Mepis support still here
Current releases
  • MX-17 Final release info here
  • MX-16.1 release info here
  • antiX-17 release info here
    New users
    • Please read this first, and don't forget to add system and hardware information to posts!
    • Read Forum Rules

Script to check for Meltdown and/or Spectre vulnerability

Message
Author
ChrisUK
Forum Novice
Forum  Novice
Posts: 25
Joined: Tue Dec 12, 2017 1:04 pm

Script to check for Meltdown and/or Spectre vulnerability

#1 Postby ChrisUK » Thu Jan 11, 2018 4:30 pm

Maybe of use to some of you:

https://github.com/speed47/spectre-meltdown-checker

(Browse the code before running it)

BrianLinuxing
Forum Novice
Forum  Novice
Posts: 1
Joined: Sat Dec 30, 2017 7:16 am

Re: Script to check for Meltdown and/or Spectre vulnerability

#2 Postby BrianLinuxing » Fri Jan 12, 2018 11:09 am

Yeah Chris, its a curate's egg that script.

I've been running it since its first few released versions.

Not much good on ARM, or on my (patched) iMac running 4.14, but hopefully it will be fixed over time.

User avatar
stsoh
Forum Regular
Forum Regular
Posts: 146
Joined: Sun Aug 20, 2017 10:11 am

Re: Script to check for Meltdown and/or Spectre vulnerability

#3 Postby stsoh » Fri Jan 12, 2018 12:00 pm

run script with latest liquorix kernel, this is what i got on my old pc e5400.
You do not have the required permissions to view the files attached to this post.
Intel Dual core E5400, cache 2MB, 3145MHz, 8GB RAM
Mesa DRI Intel G41, RTL8169 PCI Gigabit, Intel NM10/ICH7HD Audio
being wise, does not means u r not dumb.
being dumb, does not means u r not wise.
easy to blame other than to admit own fault.

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 3960
Joined: Wed Jul 12, 2006 4:05 pm

Re: Script to check for Meltdown and/or Spectre vulnerability

#4 Postby timkb4cq » Fri Jan 12, 2018 1:14 pm

AMD looks a bit better, but Spectre variant 1 looks like it will be a long-term problem.
Screenshot1.jpg
You do not have the required permissions to view the files attached to this post.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

User avatar
richb
Administrator
Posts: 15894
Joined: Wed Jul 12, 2006 2:17 pm

Re: Script to check for Meltdown and/or Spectre vulnerability

#5 Postby richb » Fri Jan 12, 2018 1:34 pm

I get the same as Tim on my AMD with the 4.14.0-3 kernel installed from MXPI Popular packages>Kernel. From what I have read the Spectre Vulnerability is less likely. Whether it is or not, not much can be done at this point. Also keep browsers up to date. Latest FF is hardened and Goggle Chrome should be within the next few days.
Forum Rules
Guide - How to Ask for Help

Rich
SSD Production: MX-15- 64 - migrated to MX-16 RC1
HD Test: MX-16 RC1
AMD A8 7600 FM2+ CPU R7 Graphics, fglrx driver, 16 GIG Mem. Samsung EVO SSD 250 GB, 350 GB HD

ChrisUK
Forum Novice
Forum  Novice
Posts: 25
Joined: Tue Dec 12, 2017 1:04 pm

Re: Script to check for Meltdown and/or Spectre vulnerability (Updated)

#6 Postby ChrisUK » Fri Jan 12, 2018 4:34 pm

Here's a test specifically for Spectre vulnerability in Browsers:

http://xlab.tencent.com/special/spectre ... check.html

calinb
Forum Novice
Forum  Novice
Posts: 64
Joined: Tue Jun 27, 2017 1:57 am

Re: Script to check for Meltdown and/or Spectre vulnerability

#7 Postby calinb » Fri Jan 12, 2018 5:18 pm

Downloaded from github and my new Intel mobile quad core Pentium running MX-17 and old Atom (manufactured in 2011) running MX-16 PAE or Liquorix are "vulnerable" through and through. I'd read that Atom CPUs more than 5 years old are not vulnerable, but there's a lot of misinformation out there about S&M or maybe the script doesn't comprehend Atom. I'll have to look at the script more closely.

I wonder when the new kernels will float downstream to MX to at least reduce my vulnerabilities. I was hoping I could just use my Atom for javascript browsing. I just installed fresh Ubuntu Mate on my PPC G4 Mac-Mini. Maybe it's safe from S&M. Too bad PPC support is dropping like files--especially given S&M these days.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 14180
Age: 59
Joined: Fri Dec 15, 2006 8:07 pm

Re: Script to check for Meltdown and/or Spectre vulnerability

#8 Postby Stevo » Fri Jan 12, 2018 5:21 pm

Just backported the latest intel-microcode from Sid, the script is now a little better:

Code: Select all

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  YES


For my i5-6200U CPU.

The Debian changelog also mentions this mitigation. The new microcode should come down the pipe soon, but requires a reboot in order to load.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 14180
Age: 59
Joined: Fri Dec 15, 2006 8:07 pm

Re: Script to check for Meltdown and/or Spectre vulnerability

#9 Postby Stevo » Fri Jan 12, 2018 5:25 pm

calinb wrote:Downloaded from github and my new Intel mobile quad core Pentium running MX-17 and old Atom (manufactured in 2011) running MX-16 PAE or Liquorix are "vulnerable" through and through. I'd read that Atom CPUs more than 5 years old are not vulnerable, but there's a lot of misinformation out there about S&M or maybe the script doesn't comprehend Atom. I'll have to look at the script more closely.

I wonder when the new kernels will float downstream to MX to at least reduce my vulnerabilities. I was hoping I could just use my Atom for javascript browsing. I just installed fresh Ubuntu Mate on my PPC G4 Mac-Mini. Maybe it's safe from S&M. Too bad PPC support is dropping like files--especially given S&M these days.


The changes in the kernels to mitigate Meltdown are currently only for 64-bit. It's hard to find any explanation online as to why this situation happened, though. O̶n̶e̶ ̶A̶r̶c̶h̶ ̶u̶s̶e̶r̶ ̶r̶e̶p̶o̶r̶t̶s̶ ̶t̶h̶a̶t̶ ̶h̶i̶s̶ ̶3̶2̶-̶b̶i̶t̶ ̶k̶e̶r̶n̶e̶l̶ ̶h̶a̶s̶ ̶K̶P̶T̶I̶ ̶m̶i̶t̶i̶g̶a̶t̶i̶o̶n̶ ̶w̶o̶r̶k̶i̶n̶g̶.̶.̶.̶w̶h̶i̶c̶h̶ ̶s̶e̶e̶m̶s̶ ̶o̶d̶d̶,̶ ̶s̶i̶n̶c̶e̶ ̶I̶ ̶t̶h̶o̶u̶g̶h̶t̶ ̶A̶r̶c̶h̶ ̶d̶r̶o̶p̶p̶e̶d̶ ̶3̶2̶-̶b̶i̶t̶ ̶s̶u̶p̶p̶o̶r̶t̶.̶ Edit: Sorry, it was a 64-bit kernel, my mistake.

calinb
Forum Novice
Forum  Novice
Posts: 64
Joined: Tue Jun 27, 2017 1:57 am

Re: Script to check for Meltdown and/or Spectre vulnerability

#10 Postby calinb » Fri Jan 12, 2018 6:22 pm

Stevo wrote:The changes in the kernels to mitigate Meltdown are currently only for 64-bit. It's hard to find any explanation online as to why this situation happened, though. O̶n̶e̶ ̶A̶r̶c̶h̶ ̶u̶s̶e̶r̶ ̶r̶e̶p̶o̶r̶t̶s̶ ̶t̶h̶a̶t̶ ̶h̶i̶s̶ ̶3̶2̶-̶b̶i̶t̶ ̶k̶e̶r̶n̶e̶l̶ ̶h̶a̶s̶ ̶K̶P̶T̶I̶ ̶m̶i̶t̶i̶g̶a̶t̶i̶o̶n̶ ̶w̶o̶r̶k̶i̶n̶g̶.̶.̶.̶w̶h̶i̶c̶h̶ ̶s̶e̶e̶m̶s̶ ̶o̶d̶d̶,̶ ̶s̶i̶n̶c̶e̶ ̶I̶ ̶t̶h̶o̶u̶g̶h̶t̶ ̶A̶r̶c̶h̶ ̶d̶r̶o̶p̶p̶e̶d̶ ̶3̶2̶-̶b̶i̶t̶ ̶s̶u̶p̶p̶o̶r̶t̶.̶ Edit: Sorry, it was a 64-bit kernel, my mistake.

Good info, Stevo. Thanks! Hopefully at least 64-bit will be along soon. I could build a kernel myself, but haven't done it in years. If I resort to rolling my own, hopefully it will not be difficult to make a more resistant 32-bit kernel too. From my past experiences, the Gentoo forum may be of some assistance. Gentoo still supports PPC!

Speaking of PPC, I did a little research and I could find no one who has demonstrated a vulnerability in my Mac Mini's 7447a PPC CPU. It may be a case of not enough attention though, which is both bad and good (less helpful research but also not a prime target for hackers). An attack has been demonstrated on a G5 CPU, however, but the same attack reportedly leaked nothing from a 7447a.


Return to “General”

Who is online

Users browsing this forum: No registered users and 7 guests