Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- pi@raspberrypi:~ $ sudo ./spectre-meltdown-checker.sh
- Spectre and Meltdown mitigation detection tool v0.42
- Checking for vulnerabilities on current system
- Kernel is Linux 4.19.57-v7l+ #1244 SMP Thu Jul 4 18:48:07 BST 2019 armv7l
- CPU is ARM v7 model 0xd08
- We're missing some kernel info (see -v), accuracy might be reduced
- Possible disrepancy between your running kernel '4.19.57-v7l+' and the image '4. 19.57-v7+ #1244 SMP Thu Jul 4 18:45:25 BST 2019 ' we found (/boot/kernel7.img), results might be incorrect
- Hardware check
- * CPU vulnerability to the speculative execution attack variants
- * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): NO
- * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): N O
- * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): N O
- * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
- * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): NO
- * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
- * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
- * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
- * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
- * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer dat a sampling (MFBDS)): NO
- * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampli ng (MLPDS)): NO
- * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncache able memory (MDSUM)): NO
- CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
- * Kernel has array_index_mask_nospec: NO
- * Kernel has the Red Hat/Ubuntu patch: NO
- * Kernel has mask_nospec64 (arm64): NO
- * Checking count of LFENCE instructions following a jump in kernel... NO (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
- * Mitigation 1
- * Kernel is compiled with IBRS support: YES
- * IBRS enabled and active: NO
- * Kernel is compiled with IBPB support: NO
- * IBPB enabled and active: NO
- * Mitigation 2
- * Kernel has branch predictor hardening (arm): NO
- * Kernel compiled with retpoline option: UNKNOWN (couldn't read your kernel configuration)
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
- * Kernel supports Page Table Isolation (PTI): NO
- * PTI enabled and active: NO
- * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, perform ance impact of PTI will be significant)
- * Running as a Xen PV DomU: NO
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2018-3640 aka 'Variant 3a, rogue system register read'
- * CPU microcode mitigates the vulnerability: NO
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2018-3639 aka 'Variant 4, speculative store bypass'
- * Kernel supports disabling speculative store bypass (SSB): YES (found in /pro c/self/status)
- * SSB mitigation is enabled and active: > STATUS: NOT VULNERABLE (your CPU ven dor reported your CPU model as not vulnerable)
- CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
- * CPU microcode mitigates the vulnerability: N/A
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
- * Kernel supports PTE inversion: NO
- * PTE inversion enabled and active: UNKNOWN (sysfs interface not available)
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
- * This system is a host running a hypervisor: NO
- * Mitigation 1 (KVM)
- * EPT is disabled: N/A (the kvm_intel module is not loaded)
- * Mitigation 2
- * L1D flush is supported by kernel: NO
- * L1D flush enabled: UNKNOWN (can't find or read /sys/devices/system/cpu/vul nerabilities/l1tf)
- * Hardware-backed L1D flush supported: NO (flush will be done in software, t his is slower)
- * Hyper-Threading (SMT) is enabled: UNKNOWN
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBD S)'
- * Kernel supports using MD_CLEAR mitigation: NO
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MF BDS)'
- * Kernel supports using MD_CLEAR mitigation: NO
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
- * Kernel supports using MD_CLEAR mitigation: NO
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (M DSUM)'
- * Kernel supports using MD_CLEAR mitigation: NO
- > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulne rable)
- > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK C VE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-1212 6:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK
- We're missing some kernel info (see -v), accuracy might be reduced
- Need more detailed information about mitigation options? Use --explain
- A false sense of security is worse than no security at all, see --disclaimer
- pi@raspberrypi:~ $
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement