GitHub - raphaelsc/Am-I-affected-by-Meltdown: Proof-of-concept / Exploit / check...
source link: https://github.com/raphaelsc/Am-I-affected-by-Meltdown
Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker
What am I?
Proof-of-concept / Exploit / Checks whether a system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a. MELTDOWN.
The basic idea is that the user will learn whether or not the running system is properly patched, for example with the KAISER patchset (https://lkml.org/lkml/2017/10/31/884).
Check out my blog post that guides the reader through a Meltdown proof-of-concept: http://funwithbits.net/blog/programmers-guide-to-meltdown/
*** Only works on Linux for now ***
How does it work?
It uses /proc/kallsyms to locate the system call table, then checks whether the address of a system call recovered by exploiting MELTDOWN matches the corresponding entry in /proc/kallsyms.
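The symbol-resolution half of that check, as an added example that is not part of the checker's own source: it parses /proc/kallsyms text, finds sys_call_table, and renders a candidate address the way the checker's output does, treating all-zero addresses as the kptr_restrict case described below. The kallsyms excerpts are constructed for the example, not taken from a real kernel.

```python
import re

# Constructed /proc/kallsyms excerpt; addresses and symbols are made up for this example.
SAMPLE_KALLSYMS = """\
ffffffffae251e10 T SyS_write
ffffffffae251e10 T sys_write
ffffffffae251f40 T SyS_read
ffffffffaea001c0 R sys_call_table
ffffffffaea01d40 R ia32_sys_call_table
"""

# What an unprivileged reader sees when /proc/sys/kernel/kptr_restrict is 1: zeroed addresses.
SAMPLE_KALLSYMS_RESTRICTED = """\
0000000000000000 T SyS_write
0000000000000000 R sys_call_table
"""

# kallsyms lines look like "<hex address> <type letter> <symbol> [module]".
LINE_RE = re.compile(r"^([0-9a-fA-F]+) ([A-Za-z]) (\S+)")


def parse_kallsyms(text):
    """Return {address: [symbol names]}; raise if the kernel hid every address."""
    symbols = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        addr = int(match.group(1), 16)
        symbols.setdefault(addr, []).append(match.group(3))
    if symbols and all(addr == 0 for addr in symbols):
        raise PermissionError(
            "kallsyms addresses are zeroed: check /proc/sys/kernel/kptr_restrict")
    return symbols


def find_symbol(symbols, name):
    """Address of a named symbol (e.g. sys_call_table), or None if absent."""
    for addr, names in symbols.items():
        if name in names:
            return addr
    return None


def describe(symbols, addr):
    """Render a candidate address the way the checker's output does."""
    names = symbols.get(addr)
    return f"0x{addr:016x} -> That's {names[0] if names else 'unknown'}"
```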
Getting started
Clone, then run make to compile the project, then run meltdown-checker:
git clone https://github.com/raphaelsc/Am-I-affected-by-Meltdown.git
cd ./Am-I-affected-by-Meltdown
make
taskset 0x1 ./meltdown-checker
What to do when you face:
- Unable to read /proc/kallsyms...
That's because your system may be preventing the program from reading kernel symbols in /proc/kallsyms due to /proc/sys/kernel/kptr_restrict being set to 1. The following command will do the trick: sudo sh -c "echo 0 > /proc/sys/kernel/kptr_restrict"
- Unable to read /boot/System.map-.
That is probably because your system does not have /boot mounted. This program relies on that partition, so you need to mount your /boot partition first.
Please open an issue if you have an idea on how to fall back to another approach in this scenario.
Example output for a system affected by Meltdown:
Checking whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN ...
Checking syscall table (sys_call_table) found at address 0xffffffffaea001c0 ...
0xc4c4c4c4c4c4c4c4 -> That's unknown
0xffffffffae251e10 -> That's SyS_write
System affected! Please consider upgrading your kernel to one that is patched with KAISER
Check https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html for more details