How to Check and Patch Meltdown CPU Vulnerability in Linux?
Last Updated :
17 Mar, 2021
Here we will check and Patch Meltdown CPU Vulnerability in Linux. CPU hardware implementations are found vulnerable to side-channel attacks, They are known as:
Meltdown: It is a security vulnerability found in hardware that is affecting Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors too. Security boundaries enforced by the hardware get "melts" by a bug which is called Meltdown which may result in affecting desktops, laptops, and cloud computers. This vulnerability can allow data from any address that is mapped to the current process's memory space to be read by any unauthorized process. Meltdown vulnerability results may end up risking passwords, encryption data, and any other sensitive information, from any address of any process that exists in its memory map.
Spectre: It is a vulnerability affecting modern microprocessors that perform branch prediction. The name spectre is derived from "speculative execution" an optimization method in which a computer system performs some task, based on some prediction which may leave some side effects that result in revealing of private data to attackers. Spectre affects almost all devices including desktops, laptops, cloud servers, and smartphones Spectre can trick a program to access arbitrary locations in the program's memory space. Spectre can be remotely exploited by code hosted on some remote malicious web pages, by interpreted languages like JavaScript, that run locally using a web browser, After that the scripted malware would get all the access to the memory-mapped to the address space of the running browser.
For safeguarding ourselves from this type of vulnerability there comes a shell script called Spectre & Meltdown Checker to tell if our system is vulnerable against the several"Meltdown" & "speculative execution" CVEs (Common Vulnerabilities and Exposures). Spectre-meltdown-checker is a simple shell script to check if your Linux system is vulnerable against the “speculative execution” CVEs since 2018.
How does the script work For Linux systems? Well, the script detects mitigations, including that of backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, OpenSUSE, Arch, ...).
Spectre & Meltdown Checker
Step 1: Clone Spectre & Meltdown Checker from Github
git clone https://github.com/speed47/spectre-meltdown-checker.git
Step 2: Get inside the Spectre & Meltdown Checker directory
cd spectre-meltdown-checker/
Step 3: Run the script
sudo ./spectre-meltdown-checker.sh
So from the above results, it is clear my CPU is not vulnerable
But if you find any of them vulnerable, you can simply update and upgrade your system and reboot it by using the following command:
$ sudo apt-get update
$ sudo apt-get upgrade
$ reboot
You can check whether your system is patched or unpatched using the following command:
grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched :)" || echo "unpatched :("
Similar Reads
CRLFuzz - A Linux Tool To Scan CRLF Vulnerability Written in Go
CRLF injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected. Checking the CRLF Vulnerability manually on the target domain becomes very complicated. So there should be an automated approach for studying the vul
4 min read
Converting a CVE list to Patch Vulnerabilities
The National Vulnerability Database (NVD) provides a way for vendors to have research into their products publicly disclosed so that people can find and review the latest security information. When discovered, vulnerabilities are given a unique identifier known as CVE - or Common Vulnerabilities and
5 min read
How to check how many CPUs are there in Linux system
In this article, we will discuss how to check CPU information in a Linux system. In the Linux system, the main configuration file of the CPU and system architecture is stored at /proc/cpuinfo. With the help of the cat, nano command we can view the CPU configuration file. This helps a lot in getting
2 min read
How to Monitor CPU and GPU temperature in Linux
This article will discuss How to Monitor CPU and GPU temperature in Linux. There are several ways to do this here in this article we will discuss a few of them. The utilization of currently running programs or applications has no bearing on the CPU or GPU temperature. Operating sensitive computer pa
4 min read
RapidScan – The Multi-Tool Web Vulnerability Scanner in Kali Linux
RapidScan is a free and open-source tool available on GitHub which is based upon Open Source Intelligence (OSINT), the easiest and useful tool for reconnaissance. The RapidScan interface is very similar to Metasploit 1 and Metasploit 2, which provides a command-line interface that you can run on Kal
2 min read
Kali Linux - Vulnerability Analysis Tools
Vulnerability Analysis is one of the most important phases of Hacking. It is done after Information Gathering and is one of the crucial steps to be done while designing an application. The cyber-world is filled with a lot of vulnerabilities which are the loopholes in a program through which hacker e
4 min read
Pompem - Exploit and Vulnerability Finder
Pompem tool is an automation tool used in the phase of Vulnerability Scanning. This tool can find the exploits for a particular text. Now, this text can be CMS, Port service, Database, etc. Pompem tool makes the exploit search into CXSecurity, ZeroDay, Vulners, National Vulnerability Databases, and
2 min read
Parth - Heuristic Vulnerable Parameter in Linux
The URL parameter is a way to transfer data about a click-through URL. We can include URL parameters into your URLs so that your URLs track data about a click. For example, the parameter geeksforgeeks.org/demo?url=[victim_payload] can contain URLs as the value and can fall victim or target for vario
4 min read
Red Hawk - Information Gathering and Vulnerability Scanning Tool in Kali Linux
Red Hawk is a free and open-source tool available on GitHub. Red Hawk is used to scanning websites for information gathering and finding vulnerabilities. Red Hawk is written in PHP. It uses PHP script to do reconnaissance. Red Hawk is so powerful that it can detect content management system while sc
4 min read
Check and Monitor Active GPU in Linux
Monitoring the GPU(Graphics Processing Unit) on a Linux operating system is essential for performance testing, debugging, and ensuring usage. There are many tools for checking and monitoring the GPU activity of various GPUs like Nvidia, AMD, or Intel GPU. This article will teach us about multiple me
4 min read