Pages : 1
#1 Le 15/01/2018, à 08:47
- ft
Spectre/Meltdown checker
Salut,
C'est nouveau dans les dépôts Bionic :
https://launchpad.net/ubuntu/+source/sp … ker/0.29-1
Pour ceux qui ne testent pas Bionic, je suppose que le paquet doit être utilisable aussi.
Ubuntu 25.04
Hors ligne
#2 Le 15/01/2018, à 09:22
- michel_04
Re : Spectre/Meltdown checker
Bonjour,
Sur 18.04. --->
~/Téléchargements/spectre-meltdown-checker-0.29$ sudo ./spectre-meltdown-checker.sh
[sudo] Mot de passe de michel :
Spectre and Meltdown mitigation detection tool v0.29
Checking for vulnerabilities against running kernel Linux 4.13.0-25-generic #29-Ubuntu SMP Mon Jan 8 21:14:41 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
A false sense of security is worse than no security at all, see --disclaimerÇa fonctionne aussi sur 16.04. --->
~/spectre-meltdown-checker-0.29$ sudo ./spectre-meltdown-checker.sh
[sudo] Mot de passe de michel :
Spectre and Meltdown mitigation detection tool v0.29
Checking for vulnerabilities against running kernel Linux 4.4.0-109-generic #132-Ubuntu SMP Tue Jan 9 19:52:39 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 33 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: YES
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
A false sense of security is worse than no security at all, see --disclaimerA+
Dernière modification par michel_04 (Le 15/01/2018, à 09:27)
:D
De la bonne manière de poser les questions - Trouver de l'aide grâce au Groupe des Parrains Linux - Le Pacte des Gnous
PCs sous Debian Stable & Debian Sid.
Hors ligne
#3 Le 15/01/2018, à 09:24
- ft
Re : Spectre/Meltdown checker
Bon alors voici le lien direct :
https://launchpad.net/ubuntu/+source/sp … -1_all.deb
(64 bits, a priori)
Ubuntu 25.04
Hors ligne
#4 Le 15/01/2018, à 09:28
- michel_04
Re : Spectre/Meltdown checker
Re,
Très bonne initiative.
A+
:D
De la bonne manière de poser les questions - Trouver de l'aide grâce au Groupe des Parrains Linux - Le Pacte des Gnous
PCs sous Debian Stable & Debian Sid.
Hors ligne
#5 Le 15/01/2018, à 09:30
- ft
Re : Spectre/Meltdown checker
Sous Bionic (noyau 4.14 du dépôt proposed) :
moi@moi-meme:~$ sudo spectre-meltdown-checker
Spectre and Meltdown mitigation detection tool v0.29
Checking for vulnerabilities against running kernel Linux 4.14.0-15-generic #18-Ubuntu SMP Fri Jan 5 17:39:56 UTC 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1535M v5 @ 2.90GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: YES
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)Dernière modification par ft (Le 15/01/2018, à 09:31)
Ubuntu 25.04
Hors ligne
#6 Le 15/01/2018, à 19:16
- Alex10336
Re : Spectre/Meltdown checker
L'entête du script:
# Check for the latest version at:
# https://github.com/speed47/spectre-meltdown-checker
# git clone https://github.com/speed47/spectre-meltdown-checker.git
# or wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
#C'est celui qui tourne sur le sujet qui en parle dans le bar (je ne le retrouve pas sans mail de notif 
)
Dernière modification par Alex10336 (Le 15/01/2018, à 19:17)
« On ne répond pas à une question par une autre question. » (moi ;-) )
Hors ligne
Pages : 1