How To Check For Meltdown And Spectre Vulnerabilities And Patch Them In Linux

Meltdown And Spectre Vulnerabilities

5 Responses

  1. Todd says:

    Thank you for the update, however, we patched our systems using:
    -> sudo apt-get update && sudo apt-get dist-upgrade
    and we continue to get the “unpatched 🙁 ” prompt
    -> grep cpu_insecure /proc/cpuinfo && echo “patched :)” || echo “unpatched :(”
    -> dmesg | grep “Kernel/User page tables isolation: enabled” && echo “patched :)” || echo “unpatched :(”
    -> grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo “patched :)” || echo “unpatched :(”

    We are running:
    Distributor ID: Ubuntu
    Description: Ubuntu 16.04.3 LTS
    Release: 16.04
    Codename: xenial

    https://uploads.disquscdn.com/images/dfe43d182b7c23fcb9ef71fc863c0bc8e6dd59c7403807e07b52da7115f1e716.png https://uploads.disquscdn.com/images/af7c7fd42225acddc4b6029d65cade670e071aff7866a41f32a4ad7df56bbea3.png

    Don’t know if you have run into this issue, but let me know if there is something from a kernel rebuild or is there something that we have missed

    By the way, just ran apt-get update && apt-get dist-upgrade again and it still says “unpatched 🙁 ”

    Let me know if you run across something.

    T

  2. Todd says:

    Ran the spectre-meltdown-checker, it seems there is a Mitigation 1 vulnerability (IBRS hardware + kernel support), installed the patch on this as well (before this was run). https://uploads.disquscdn.com/images/c3413b84dec7b0254a406e913587c9541c2d002523e68aac6bc7c2d931f4cb7f.png

  3. Todd says:

    What we have identified in the Linux and Windows world, it seems that the patches are not comprehensive. We went through extensive tests and kernel distribution updates with no remedy for all of the issues experienced. Oh well, we have to wait for the distros and the CPU Mfg to provide a patch that is comprehensive. Anyway, thank you for your insight. https://uploads.disquscdn.com/images/80b3700d1ab401cea2eefaf466da413cb3b8db9667ca89a5c35676ebe6ab6285.png

  4. pooky2483 says:

    Does NOT work.
    I am running kernel 4.15.0-34-generic and ran the command to check for the vulnerability and it came up “unpatched :(“.
    My processor is an AMD Phenom II x4 965

    There’s something wrong with the checker!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.