API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 14th, 2019
383
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.30 KB | None | 0 0
raw download clone embed print report
  1. login as: eagle
  2. [email protected]'s password:
  3. Welcome to Manjaro-ARM
  4. ~~Website: https://manjaro.org
  5. ~~Forum: https://forum.manjaro.org/c/manjaro-arm
  6. ~~IRC: #manjaro-arm on irc.freenode.net
  7. ~~Matrix: #manjaro-arm-public:matrix.org
  8. [eagle@eagle-pc ~]$ sudo ./spectre-meltdown-checker.sh
  9. [sudo] password for eagle:
  10. Spectre and Meltdown mitigation detection tool v0.42
  11.  
  12. Checking for vulnerabilities on current system
  13. Kernel is Linux 4.19.65-1-MANJARO-ARM #1 SMP PREEMPT Tue Aug 13 14:39:03 UTC 2019 aarch64
  14. CPU is ARM v8 model 0xd08
  15. We're missing some kernel info (see -v), accuracy might be reduced
  16.  
  17. Hardware check
  18. * CPU vulnerability to the speculative execution attack variants
  19. * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
  20. * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
  21. * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
  22. * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
  23. * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
  24. * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
  25. * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
  26. * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
  27. * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
  28. * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
  29. * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
  30. * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
  31.  
  32. CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
  33. * Kernel has array_index_mask_nospec: UNKNOWN (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
  34. * Kernel has the Red Hat/Ubuntu patch: UNKNOWN (missing 'strings' tool, please install it, usually it's in the binutils package)
  35. * Kernel has mask_nospec64 (arm64): UNKNOWN (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
  36. * Checking count of LFENCE instructions following a jump in kernel... UNKNOWN (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
  37. > STATUS: UNKNOWN (Couldn't find kernel image or tools missing to execute the checks)
  38.  
  39. CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
  40. * Mitigation 1
  41. * Kernel is compiled with IBRS support: YES
  42. * IBRS enabled and active: NO
  43. * Kernel is compiled with IBPB support: UNKNOWN (in offline mode, we need the kernel image to be able to tell)
  44. * IBPB enabled and active: NO
  45. * Mitigation 2
  46. * Kernel has branch predictor hardening (arm): YES
  47. * Kernel compiled with retpoline option: UNKNOWN (couldn't read your kernel configuration)
  48. > STATUS: NOT VULNERABLE (Branch predictor hardening mitigates the vulnerability)
  49.  
  50. CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
  51. * Kernel supports Page Table Isolation (PTI): YES
  52. * PTI enabled and active: YES
  53. * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
  54. * Running as a Xen PV DomU: NO
  55. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  56.  
  57. CVE-2018-3640 aka 'Variant 3a, rogue system register read'
  58. * CPU microcode mitigates the vulnerability: NO
  59. > STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
  60.  
  61. CVE-2018-3639 aka 'Variant 4, speculative store bypass'
  62. * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
  63. * SSB mitigation is enabled and active: > STATUS: VULNERABLE (Your CPU doesn't support SSBD)
  64.  
  65. CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
  66. * CPU microcode mitigates the vulnerability: N/A
  67. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  68.  
  69. CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
  70. * Kernel supports PTE inversion: * PTE inversion enabled and active: UNKNOWN (sysfs interface not available)
  71. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  72.  
  73. CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
  74. * This system is a host running a hypervisor: NO
  75. * Mitigation 1 (KVM)
  76. * EPT is disabled: N/A (the kvm_intel module is not loaded)
  77. * Mitigation 2
  78. * L1D flush is supported by kernel: UNKNOWN (missing 'strings' tool, please install it, usually it's in the binutils package)
  79. * L1D flush enabled: UNKNOWN (can't find or read /sys/devices/system/cpu/vulnerabilities/l1tf)
  80. * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
  81. * Hyper-Threading (SMT) is enabled: UNKNOWN
  82. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  83.  
  84. CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
  85. * Kernel supports using MD_CLEAR mitigation: UNKNOWN
  86. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  87.  
  88. CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
  89. * Kernel supports using MD_CLEAR mitigation: UNKNOWN
  90. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  91.  
  92. CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
  93. * Kernel supports using MD_CLEAR mitigation: UNKNOWN
  94. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  95.  
  96. CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
  97. * Kernel supports using MD_CLEAR mitigation: UNKNOWN
  98. > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  99.  
  100. > SUMMARY: CVE-2017-5753:?? CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK
  101.  
  102. We're missing some kernel info (see -v), accuracy might be reduced
  103. Need more detailed information about mitigation options? Use --explain
  104. A false sense of security is worse than no security at all, see --disclaimer
  105. [eagle@eagle-pc ~]$
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!