Skip to content

raphaelsc/Am-I-affected-by-Meltdown

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
images
improve README
January 4, 2018 22:15
LICENSE
chg mail address
January 5, 2018 19:12
Makefile
take into account minor version
January 8, 2018 03:57
README.md
move reference to blog post
January 11, 2018 20:48
assembly_utils.hh
fix i386 support
January 14, 2018 02:04
meltdown_checker.cc
Alter return code based on whether affected or not
January 16, 2018 16:23
Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker What am I? How it works? Getting started What to do when you face: Example output for a system affected by Meltdown:

README.md

Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker

Alt text

What am I?

Proof-of-concept /

Exploit /

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

The basic idea is that user will know whether or not the running system is properly patched with something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.

Check out my blog post that guides reader through a Meltdown proof-of-concept: http://funwithbits.net/blog/programmers-guide-to-meltdown/

*** Only works on Linux for now ***

How it works?

It works by using /proc/kallsyms to find system call table and checking whether the address of a system call found by exploiting MELTDOWN match the respective one in /proc/kallsyms.

Getting started

Clone, then run make to compile the project, then run meltdown-checker:

git clone https://github.com/raphaelsc/Am-I-affected-by-Meltdown.git
cd ./Am-I-affected-by-Meltdown
make
taskset 0x1 ./meltdown-checker

What to do when you face:

  • Unable to read /proc/kallsyms...

    That's because your system may be preventing the program from reading kernel symbols in /proc/kallsyms due to /proc/sys/kernel/kptr_restrict set to 1. The following command will do the tricky:

    sudo sh -c "echo 0  > /proc/sys/kernel/kptr_restrict"

  • Unable to read /boot/System.map-.

    That could probably be because your system not having /boot mounted. This program relies on that partition and thus you'd need to mount your /boot partition first.

Please open an issue if you have an idea on how to fallback to another approach in this scenario.

Example output for a system affected by Meltdown:

Alt text

Checking whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN ...
Checking syscall table (sys_call_table) found at address 0xffffffffaea001c0 ...
0xc4c4c4c4c4c4c4c4 -> That's unknown
0xffffffffae251e10 -> That's SyS_write

System affected! Please consider upgrading your kernel to one that is patched with KAISER
Check https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html for more details

About

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

meltdownattack.com/

Topics

security exploit poc pti meltdown intelbug kaiser kpti

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

543 stars

Watchers

47 watching

Forks

71 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages