It was discovered that a new class of side channel attacks impacts most processors, including processors from Intel, AMD, and ARM (Source). The list of affected Intel platforms and AMD processors is long.

Is there a way (command, script) to check whether a specific computer's processor, e.g. your own computer, is vulnerable to Meltdown and Spectre in the first place, regardless of whether patches have already been applied?

This knowledge base gives a nice overview on the topic of Spectre and Meltdown for Ubuntu.

wjandrea
Filbuntu
  • Possible duplicate of [What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?](https://askubuntu.com/questions/992232/what-is-ubuntus-status-on-the-meltdown-and-spectre-vulnerabilities) Also see this: https://askubuntu.com/a/994193/480481, and then this: https://askubuntu.com/questions/994490/has-anyone-independently-vetted-speed-47s-shell-script-spectre-meltdown-checke – pomsky Jan 12 '18 at 13:50
  • Thank you for raising the question regarding the duplicate. I saw the other question [What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?](https://askubuntu.com/questions/992232/what-is-ubuntus-status-on-the-meltdown-and-spectre-vulnerabilities) but it does not have a specific answer to my question. On the other hand, the answer [askubuntu.com/a/994193/480481](https://askubuntu.com/questions/992137/how-to-check-that-kpti-is-enabled-on-my-ubuntu/994193#994193) does indeed get close, therefore I am willing to delete this question, but the system does not let me delete it. – Filbuntu Jan 14 '18 at 02:16
  • @Filbuntu Regarding your edit, questions about hardware are off-topic. You can ask on [Super User](https://superuser.com) instead. But like Zeiss wrote, the answer is probably yes. – wjandrea Jan 14 '18 at 02:35
  • The dupe links to the post on checking KPTI being enabled, and that has a couple of links to the [spectre-meltdown-checker](https://github.com/speed47/spectre-meltdown-checker/blob/master/spectre-meltdown-checker.sh#L151) script, which has a whitelist-check for CPU status. – muru Jan 14 '18 at 07:12
  • Unfortunately I cannot add another answer: As of now, there seems to be no tool to do what I described above and you have to seek more information from the manufacturer of that processor and/or of the device in which it runs. [All Intel processors manufactured since circa 1995 are thought to be vulnerable.](https://github.com/speed47/spectre-meltdown-checker/blob/master/spectre-meltdown-checker.sh#L151) [The spectre-meltdown-checker script](https://github.com/speed47/spectre-meltdown-checker/blob/master/spectre-meltdown-checker.sh#L151) is probably the closest you can get to what I hoped to find. – Filbuntu Jan 17 '18 at 01:08

1 Answer

If you have a Core i-family processor, it's vulnerable (not sure about Core2 and late Pentium). If you have an Atom, it's vulnerable. If you have an ARM, it's vulnerable. According to some reports, if you have an AMD FX or Ryzen, it's vulnerable. The vulnerability applies to all processor families that use so-called "speculative execution" -- which includes many GPUs, as well as all current CPUs. It may not apply to older designs like Core2 or Pentium, however, as it's a relatively new capability. If you're running a Core2 or Pentium, you need to check if your CPU has that capability; otherwise, you don't -- your hardware is vulnerable.

The question you should be asking (or searching, it's been asked a number of times already in the past week) is whether your particular Ubuntu version has been or will be patched for this vulnerability. There are no BIOS patches; what needs patching is the CPU microcode, which is applied with kernel updates, not BIOS updates.

Zeiss Ikon
  • Thank you for your answer. I am looking for a way to check my computer's specific processor. There may be BIOS updates/patches in the future. – Filbuntu Jan 12 '18 at 13:44
  • The vulnerability applies to *all* processor families that use so-called "speculative execution" -- which includes many GPUs, as well as all current CPUs. It may not apply to older designs like Core2 or Pentium, however, as it's a relatively new capability. If you're running a Core2 or Pentium, you need to check; otherwise, you don't -- your hardware is vulnerable. The patches are for microcode, not BIOS, BTW. – Zeiss Ikon Jan 12 '18 at 13:49
  • @ZeissIkon I thought the patch was for the kernel, not microcode? E.g. kernel 4.14.12, 4.14.13 and 4.14.14, which came out 8 hours ago or so. Also Long Term Support kernel 4.9.76, 4.9.77, etc. and 4.4.109, 4.4.110, 4.4.111, etc. – WinEunuuchs2Unix Jan 18 '18 at 01:06
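
The check the question asks for (is the hardware itself affected, whether or not patches are applied) can be approximated from what the Linux kernel reports about the CPU. This is an added example, not part of the original posts and not code from the spectre-meltdown-checker script; the function names are made up here, and it assumes a kernel that exposes the `bugs` line in `/proc/cpuinfo` and the `/sys/devices/system/cpu/vulnerabilities` directory.

```shell
#!/bin/sh
# Added example. Assumes a Linux kernel new enough to expose:
#   /proc/cpuinfo "bugs" line                  (flaws detected in the CPU)
#   /sys/devices/system/cpu/vulnerabilities/*  (per-issue status text)

# cpu_bugs [FILE]: print the bug flags of the first CPU, one per line.
cpu_bugs() {
    awk -F': *' '/^bugs[ \t]*:/ {
        n = split($2, b, " "); for (i = 1; i <= n; i++) print b[i]; exit
    }' "${1:-/proc/cpuinfo}"
}

# hw_affected ISSUE [CPUINFO] [SYSDIR]
# returns 0 = hardware affected, 1 = not affected, 2 = kernel does not say.
hw_affected() {
    hw_issue=$1
    hw_cpuinfo=${2:-/proc/cpuinfo}
    hw_sysdir=${3:-/sys/devices/system/cpu/vulnerabilities}
    if [ -r "$hw_sysdir/$hw_issue" ]; then
        # "Vulnerable" and "Mitigation: ..." both mean the CPU has the flaw;
        # only "Not affected" means the hardware itself is immune.
        case $(cat "$hw_sysdir/$hw_issue") in
            "Not affected"*) return 1 ;;
            *) return 0 ;;
        esac
    fi
    # Fallback: cpuinfo bug flag (Meltdown is listed as cpu_meltdown).
    hw_flag=$hw_issue
    if [ "$hw_issue" = meltdown ]; then hw_flag=cpu_meltdown; fi
    if cpu_bugs "$hw_cpuinfo" 2>/dev/null | grep -qx "$hw_flag"; then return 0; fi
    # A missing flag proves nothing: an older kernel may not know the flaw.
    return 2
}

# report [CPUINFO] [SYSDIR]: one line per issue, independent of patch state.
report() {
    for issue in meltdown spectre_v1 spectre_v2; do
        rc=0
        hw_affected "$issue" "$1" "$2" || rc=$?
        case $rc in
            0) echo "$issue: hardware affected" ;;
            1) echo "$issue: hardware not affected" ;;
            *) echo "$issue: unknown (kernel does not report it)" ;;
        esac
    done
}

report "$@"
```

An "unknown" result means the running kernel predates the reporting code, in which case the manufacturer's advisory is the remaining source.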