1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ALERT Kernel Vulnerability Checker

Discussion in 'Bug Reporting and Fixes' started by wardmundy, Jan 10, 2018.

  1. wardmundy

    wardmundy Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    13,825
    Likes Received:
    2,293
    Here is a handy way to check for kernel issues with Specter and Meltdown...

    Code:
    git clone https://github.com/speed47/spectre-meltdown-checker.git
     
    #1 wardmundy, Jan 10, 2018
    Last edited: Jan 10, 2018
    pbxinaflash likes this.
  2. wardmundy

    wardmundy Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    13,825
    Likes Received:
    2,293
    Looks like CentOS/SL still have a problem:

    [​IMG]
     
  3. Jose Pinto

    Jose Pinto Member

    Joined:
    Oct 26, 2017
    Messages:
    144
    Likes Received:
    19
    Hi
    Woothosting 1v core 2gb / 20gb hd/ ( too slow).

    Spectre and Meltdown mitigation detection tool v0.25

    Checking for vulnerabilities against live running kernel Linux 2.6.32-042stab125.5 #1 SMP Tue Oct 17 12:48:22 MSK 2017 x86_64

    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Checking count of LFENCE opcodes in kernel: UNKNOWN (couldn't find your kernel image in /boot, if you used netboot, this is normal)
    > STATUS: UNKNOWN (impossible to check )

    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    * Hardware (CPU microcode) support for mitigation: UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
    * Kernel support for IBRS: NO
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * Mitigation 2
    * Kernel compiled with retpoline option: UNKNOWN (couldn't read your kernel configuration)
    * Kernel compiled with a retpoline-aware compiler: UNKNOWN (couldn't find your kernel image or System.map)
    > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI): UNKNOWN (couldn't read your kernel configuration nor System.map file)
    * PTI enabled and active: NO
    > STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)
     

Share This Page