01 02

Script pra saber o quão afetado você foi pelo Meltdown e Spectre

13. Re: Script pra saber o quão afetado você foi pelo Meltdown e Spectre

Mastruz
(usa Manjaro Linux)

Enviado em 12/01/2018 - 11:44h

AndrewUser escreveu:

Eu estou vulnerável. E agora. No Xubuntu, eu rodei o script e saiu isso.



Spectre and Meltdown mitigation detection tool v0.27



Checking for vulnerabilities against live running kernel Linux 4.13.0-21-generic #24-Ubuntu SMP Mon Dec 18 17:29:16 UTC 2017 x86_64



CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

* Checking count of LFENCE opcodes in kernel:  NO 

> STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)



CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

* Mitigation 1

*   Hardware (CPU microcode) support for mitigation:  NO 

*   Kernel support for IBRS:  NO 

*   IBRS enabled for Kernel space:  NO 

*   IBRS enabled for User space:  NO 

* Mitigation 2

*   Kernel compiled with retpoline option:  NO 

*   Kernel compiled with a retpoline-aware compiler:  NO 

> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)



CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

* Kernel supports Page Table Isolation (PTI):  NO 

* PTI enabled and active:  NO 

> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)



A false sense of security is worse than no security at all, see --disclaimer

Everything that happens has an initial reaction.

Sua situação está bem triste, pois você está vulnerável em todas. No meu caso ainda estou para uma parte do Spectre. O Meltdown eu consegui resolver apenas digitando no terminal:

sudo apt update && sudo apt upgrade && sudo apt dist-upgrade -y

E dando um reboot

2 0

Quote

14. Re: Script pra saber o quão afetado você foi pelo Meltdown e Spectre

albfneto
(usa openSUSE)

Enviado em 12/01/2018 - 20:28h

Processadores AMD não são afetados?
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Albfneto,
Ribeirão Preto, S.P., Brasil.
Usuário Linux, Linux Counter: #479903.
Distros Favoritas: Sabayon, Gentoo, openSUSE, Mageia e OpenMandriva.

0 0

Quote

15. Re: Script pra saber o quão afetado você foi pelo Meltdown e Spectre

removido
(usa Nenhuma)

Enviado em 24/02/2018 - 21:24h

1 – Vamos verificar se o seu computador com Ubuntu, Debian, Arch Linux, openSUSE, Linux Mint, Fedora, RedHat, CentOS, CoreOS ou qualquer GNU/Linux está vulnerável a Meltdown e Spectre com Linux, esta checagem é considerada simples:

grep . /sys/devices/system/cpu/vulnerabilities/*

Fonte:

https://sempreupdate.com.br/como-verificar-sistema-linux-ubuntu-esta-vulneravel-a-meltdown-e-spectre...

0 0

Quote

16. Re: Script pra saber o quão afetado você foi pelo Meltdown e Spectre

ricardogroetaers
(usa Linux Mint)

Enviado em 24/02/2018 - 23:09h

Meltdown e Specter parecem piada.
Com kernel antigo e script antigo (do Diolinux) o PC era vulnerável a uma coisa só (não lembro qual delas, tem fig. postada por mim aqui no Forum).
Com kernel novo e script mais atual nada mudou.
Com o script mais novo o PC ficou vulnerável a tudo.
https://i.imgur.com/KR19whk.png

Como disse Linos Torvalds:
"Torvalds afirma, por exemplo, que as atualizações foram infladas pela Intel com correções para vulnerabilidades que já haviam sido solucionadas com o objetivo de fazer o pacote parecer mais completo."

"O criador do Linux também acusa a Intel de não ser transparente como prometido: “alguém não está dizendo a verdade aqui. Alguém está empurrado todo esse lixo por razões pouco claras. Desculpa ter que dizer”. Torvalds continua: “Eles estão fazendo loucuras, literalmente. Coisas que não fazem sentido. Que tornam todos os argumentos questionáveis e suspeitos. Os pacotes fazem coisas insanas”."

0 0

Quote

17. Re: Script pra saber o quão afetado você foi pelo Meltdown e Spectre

Grinder
(usa Slackware)

Enviado em 25/02/2018 - 00:12h

No gentoo, for considerar os 3 CVE, estou 25% vulnerável hahaha

Checking for vulnerabilities on current system

Kernel is Linux 4.15.5-gentoo #1 SMP Sat Feb 24 23:39:17 -03 2018 x86_64

CPU is Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz



Hardware check

* Hardware support (CPU microcode) for mitigation techniques

  * Indirect Branch Restricted Speculation (IBRS)

    * SPEC_CTRL MSR is available:  NO 

    * CPU indicates IBRS capability:  NO 

  * Indirect Branch Prediction Barrier (IBPB)

    * PRED_CMD MSR is available:  NO 

    * CPU indicates IBPB capability:  NO 

  * Single Thread Indirect Branch Predictors (STIBP)

    * SPEC_CTRL MSR is available:  NO 

    * CPU indicates STIBP capability:  NO 

  * Enhanced IBRS (IBRS_ALL)

    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 

    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 

  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 

  * CPU microcode is known to cause stability problems:  NO  (model 58 stepping 9 ucode 0x16)

* CPU vulnerability to the three speculative execution attacks variants

  * Vulnerable to Variant 1:  YES 

  * Vulnerable to Variant 2:  YES 

  * Vulnerable to Variant 3:  YES 



CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)

* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())

* Kernel has the Red Hat/Ubuntu patch:  NO 

> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)



CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)

* Mitigation 1

  * Kernel is compiled with IBRS/IBPB support:  NO 

  * Currently enabled features

    * IBRS enabled for Kernel space:  NO 

    * IBRS enabled for User space:  NO 

    * IBPB enabled:  NO 

* Mitigation 2

  * Kernel compiled with retpoline option:  YES 

  * Kernel compiled with a retpoline-aware compiler:  NO  (kernel reports minimal retpoline compilation)

> STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)



CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)

* Kernel supports Page Table Isolation (PTI):  YES 

* PTI enabled and active:  YES 

* Running as a Xen PV DomU:  NO 

> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

- - - - -
www.github.com/ericfernandesferreira
www.youtube.com/candelabrus1

0 0

Quote

18. Re: Script pra saber o quão afetado você foi pelo Meltdown e Spectre

Grinder
(usa Slackware)

Enviado em 25/02/2018 - 00:17h

Em compensação nosso saudoso e idolatrado Slackware, 100% protegido, preciso descobrir aonde está esse repotline no meu kernel do slackware para poder adicionar no gentoo.

Checking for vulnerabilities on current system

Kernel is Linux 4.15.2 #1 SMP Sun Feb 11 06:52:23 -02 2018 x86_64

CPU is Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz



Hardware check

* Hardware support (CPU microcode) for mitigation techniques

  * Indirect Branch Restricted Speculation (IBRS)

    * SPEC_CTRL MSR is available:  NO 

    * CPU indicates IBRS capability:  NO 

  * Indirect Branch Prediction Barrier (IBPB)

    * PRED_CMD MSR is available:  NO 

    * CPU indicates IBPB capability:  NO 

  * Single Thread Indirect Branch Predictors (STIBP)

    * SPEC_CTRL MSR is available:  NO 

    * CPU indicates STIBP capability:  NO 

  * Enhanced IBRS (IBRS_ALL)

    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 

    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 

  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 

  * CPU microcode is known to cause stability problems:  NO  (model 58 stepping 9 ucode 0x16)

* CPU vulnerability to the three speculative execution attacks variants

  * Vulnerable to Variant 1:  YES 

  * Vulnerable to Variant 2:  YES 

  * Vulnerable to Variant 3:  YES 



CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)

* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())

* Kernel has the Red Hat/Ubuntu patch:  NO 

> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)



CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)

* Mitigation 1

  * Kernel is compiled with IBRS/IBPB support:  NO 

  * Currently enabled features

    * IBRS enabled for Kernel space:  NO 

    * IBRS enabled for User space:  NO 

    * IBPB enabled:  NO 

* Mitigation 2

  * Kernel compiled with retpoline option:  YES 

  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)

> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)



CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)

* Kernel supports Page Table Isolation (PTI):  YES 

* PTI enabled and active:  YES 

* Running as a Xen PV DomU:  NO 

> STATUS:  NOT VULNERABLE  (Mitigation: PTI)