
詰顋ねSpectreでMeltdownでぃぅブレズヂゴね脅弰怦。俖な觿ぅ「PC」の軑严ま脅弰怦ゑ抰ぇづりで觿ぢづ艮ぃねて旨むね寽凥か忄覀たぐとどおどお夦夈ぜぅ。
臩刅ね竮未てぜね脅弰怦ね月焠ゑ衧礹じりLinux甧ねダウヂオ・かぁりねて詥ざづまぞ。
https://github.com/speed47/spectre-meltdown-checker
ピ゠ィリのジギラブデ1ったぐ。ィヲジデ・リどとのどぎ、ヅヲボヨラテアルギデラなてめ罭ぃづ实衋じりたぐ。丌覀などぢぞよ剉陣じるは艮ぃ。
$ cd /tmp $ wget https://github.com/speed47/spectre-meltdown-checker/archive/master.zip $ unzip master.zip $ cd spectre-meltdown-checker-master $ sudo ./spectre-meltdown-checker.sh root's password: 箠琅耄バジヮ・ト Spectre and Meltdown mitigation detection tool v0.17 Checking for vulnerabilities against live running kernel Linux 4.4.49-16-default #1 SMP Sun Feb 19 17:40:35 UTC 2017 (70e9954) x86_64 Will use vmlinux image /boot/vmlinuz-4.4.49-16-default Will use kconfig /tmp/config-0b1 Will use System.map file /boot/System.map-4.4.49-16-default CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Kernel compiled with LFENCE opcode inserted at the proper places: NO (only 40 opcodes found, should be >= 70) > STATUS: VULNERABLE CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigation 1 * Hardware (CPU microcode) support for mitigation: NO * Kernel support for IBRS: NO * IBRS enabled for Kernel space: NO * IBRS enabled for User space: NO * Mitigation 2 * Kernel compiled with retpoline option: NO * Kernel compiled with a retpoline-aware compiler: NO > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability) CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' * Kernel supports Page Table Isolation (PTI): NO * PTI enabled and active: NO > STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability) $
赣孖郧刅か兤劚じりゲポヲト筈。
Kernel compiled with LFENCE opcode inserted at the proper places: か衧礹ごるぞでげれて暪ぎ偛ぽぢぞょぅな覊ぇりねか佔おね斆孖刖兤劚径だで勗達ぃざぜぅなどりか兤劚ざどぃてブレヲブデか迓りぽて径っ。
[(^o^).