Ubuntu: Determine system vulnerability for Meltdown CVE-2017-5754

ubuntuThe Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes.  Canonical has committed to kernel patches to address this issue by January 9, 2018.

If you need to check your system, or perhaps have already patched your systems but want to verify that the issue truly is resolved, there is a proof of concept available on github that exercises a rogue data cache load (Variant 3).

In this article I will show you how to compile and run this non-destructive C++ program on Ubuntu 14.04 and 16.04.

Continue reading “Ubuntu: Determine system vulnerability for Meltdown CVE-2017-5754”

Ubuntu: Determine system vulnerability for Spectre CVE-2017-5715 CVE-2017-5753

ubuntuThe Spectre vulnerability affects Intel, AMD, and ARM processor chips (each to various degrees) and can allow unprivileged access to memory in the kernel and other processes.  Canonical has committed to kernel patches to address this issue by January 9, 2018.

If you need to check your system, or perhaps have already patched your systems but want to verify that the issue truly is resolved, there is a simple proof of concept that exercises the bounds check bypass within the same process (Variant 1, CVE-2017-5753).

In this article I will show you how to compile and run this small, non-destructive C program that is included as Appendix A in the Spectre whitepaper.

Continue reading “Ubuntu: Determine system vulnerability for Spectre CVE-2017-5715 CVE-2017-5753”