Summary of the CVEs in Spectre & Meltdown checkercve-2017-5753 bounds check bypass (Spectre Variant 1)
- Impact:kernel & All Software
- Mitigation:recompile software and kernel with a modified compiler this introduces the Lfence opcode at the proper positio NS in the resulting code
- Performance impact of the mitigation:negligible
CVE-2017-5715 Branch Target Injection (Spectre Variant 2)
- Impact:kernel
- mitigation 1:new opcode via microcode update that should is used by up to date compilers to protect the BTB (by flushing Indirect branch predictors)
- Mitigation 2:introducing "Retpoline" into compilers, and recompile software/os with it
- Performance impact of the Mitigation:high for mitigation 1, Medium for Mitigation 2, depending on your CPU
cve-2017-5754 Rogue Data cache load (meltdown)
- Impact:kernel
- mitigation:updated kernel (with pti/kpti patches), updating the kernel is enough
- Performance impact of the Mitigation:low to medium
There is some other more generic BASH scripts for security scanning like:
–unix-privesc-check–unix/linux User Privilege Escalation Scanner
–linenum–linux Enumeration & Privilege Escalation Tool
You can download Spectre & Meltdown Checker here:
spectre-meltdown-checker.sh
Spectre & Meltdown CHECKER–CPU chip Vulnerability Check Script Linux Edition