Check Linux for Spectre and Meltdown vulnerability

Posted on January 9, 2018 at 11:23 am

Check if your Linux server is vulnerable to Spectre and Meltdown CPU bugs.

You can use the Spectre & Meltdown vulnerability/mitigation checker for Linux:

https://github.com/speed47/spectre-meltdown-checker

The shell script checks for CVE-2017-5753, CVE-2017-5754 and CVE-2017-5715.

Read also: How to patch Meltdown vulnerability on Debian Linux

Download the shell script using wget:

cd /tmp/
wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

Or you can clone it via git:

git clone https://github.com/speed47/spectre-meltdown-checker.git

Run the script as the root user, using the sudo or su command:

sudo sh spectre-meltdown-checker.sh

Here is an example output:

Spectre and Meltdown mitigation detection tool v0.16
 
Checking vulnerabilities against Linux [...]
 
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 42 opcodes found, should be >= 70)
> STATUS:  VULNERABLE 
 
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
 
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO 
* PTI enabled and active:  NO 
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
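
When auditing more than one server it helps to reduce the report to one line per CVE and an exit status that a cron job or monitoring check can act on. The script below is an added example, not part of spectre-meltdown-checker and not from the original post. It assumes the v0.16 text layout shown above and that a passing result reads "NOT VULNERABLE"; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of spectre-meltdown-checker.
# Assumes the v0.16 text layout shown above: a "CVE-..." header line,
# later followed by a "> STATUS:  <result>" line for that CVE.

# summarize_report [FILE]   (reads stdin when FILE is omitted)
# Prints "CVE-ID STATUS" per CVE. Exit status: 0 if every CVE reports
# NOT VULNERABLE (assumed wording of a passing result), 1 if any other
# status appears, 2 if no status lines were found at all.
summarize_report() {
    awk '
        { gsub(/\033\[[0-9;]*m/, "") }          # strip ANSI colour codes
        /^CVE-[0-9]+-[0-9]+/ { cve = $1; next }
        /^> STATUS:/ && cve != "" {
            status = $0
            sub(/^> STATUS:[ \t]*/, "", status)
            sub(/[ \t]*\(.*$/, "", status)      # drop trailing "(reason)"
            sub(/[ \t]+$/, "", status)
            print cve, status
            seen++
            if (status != "NOT VULNERABLE") bad++
            cve = ""
        }
        END { if (seen == 0) exit 2; if (bad > 0) exit 1 }
    ' "$@"
}

# Constructed sample: the first two results are copied from the output
# above; the third is a made-up passing result to exercise both paths.
sample_report() {
    cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 42 opcodes found, should be >= 70)
> STATUS:  VULNERABLE 

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (constructed line)
EOF
}

sample_report | summarize_report || echo "unmitigated CVEs present (exit $?)"
```

To use it on a real host, save the checker's output to a file and pass that file as the argument. Exit status 2 means the report contained no status lines, which usually indicates the checker did not run to completion.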
