Meltdown and Specter, the two nightmares in terms of computer security with which we opened the year, affect equally the processors of Intel, AMD and ARM and, therefore, Windows, macOS and Linux. The developers of the Linux kernel, in fact, reacted before the discovery was made public with the KPTI patch, formerly known as KAISER, for Meltdown.
These vulnerabilities, as we have commented throughout different articles, allow programs to steal data that is processed on computers.
Meltdown only affects Intel chips, making it easier to obtain data from system memory, while Specter adds AMD and ARM processors to the affected list. In its case, it allows the entry of other applications into the computer memory, although it is more difficult to exploit at the same time as it is more difficult to mitigate.
According to the researchers, if attackers take advantage of these failures they could extract stored passwords, photos, emails, instant messages and even documents from computers. It should be noted that the solution of the first vulnerability seems to be that it would imply a degradation of the performance and that of Specter two variants have been identified.
Guide to check if Linux is vulnerable
To check if any of the vulnerabilities affect a GNU / Linux installation we can use a simple shell script , which must be run as superuser , called Specter & Meltdown Checker . The process has two steps.
- We start by getting the code; we can get it using the wget command or the git command. They are wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh or git clone https://github.com/speed47/spectre-meltdown-checker.git . After entering one or the other, press the enter key .
- Now we will execute the script using the sudo command or the su command: write sudo sh specter-meltdown-checker.sh and press enter .
In some cases it will be necessary to install the Binutils package so that all the checks can be done correctly, step that we will give introducing the sequence git clone git: //sourceware.org/git/binutils-gdb.git .
If everything went as it should, we will get the results in the terminal window.
As we can see, the script shows us in a very illustrative way if we are protected against Meltdown and the two variants of Specter Indicating in detail the authorization or not of specific protections and the general state of protection in each of the threats identified as CVE- 2017-5753 , CVE-2017-5715 and CVE-2017-5754 .
If any of the values shows a “no” or the states indicate that the system is vulnerable to any of the threats, it is essential to check what updates are available for our equipment and install them as soon as possible to protect the system.