They affect us all, so we’ve put together a straightforward tutorial for Linux users to see if their PCs are protected against the Meltdown and Spectre security vulnerabilities or not.
Publicly disclosed earlier this month, Meltdown and Spectre are the names of two security vulnerabilities that affect billions of devices powered by modern processors from Intel, AMD, and ARM. They allow unprivileged attackers to steal sensitive information like passwords or encryption keys from memory, including the kernel memory, using locally installed applications or simple web scripts.
For several months now, the industry has been working on patching these sever vulnerabilities affecting CPUs made in the past two decades, but while many vendors are still updating their software and operating systems against Meltdown and Spectre, we’re still not there yet, as one of the security researchers responsible for the discovery of these hardware bugs said, “Spectre will hunt us for years.”
Ubuntu, Debian, Arch Linux, openSUSE, Linux Mint, Fedora, Red Hat, CentOS, CoreOS, and numerous other popular GNU/Linux distributions released kernel and software updates in the past two weeks to mitigate both Meltdown and Spectre attacks. Intel and AMD also pushed microcode firmware updates to partially protect users against the Spectre vulnerability, which is harder to fix than Meltdown.
Here’s how to check if your Linux PC is protected or not
Developer Stéphane Lesimple has created a very useful Spectre and Meltdown vulnerability/mitigation checker for Linux systems, which he distributes for free on GitHub. Anyone can download it to check if their favorite GNU/Linux distributions are protected against Meltdown and Spectre bugs or not. You can download the latest version of the tool right now from here.
Save the archive on your home folder and extract it. Open a terminal and navigate to the location of the extracted files. There, run the sh ./spectre-meltdown-checker.sh command as root user to see if your computer is protected against Meltdown and Spectre attacks or not. It’s pretty easy to use, and it doesn’t need any further input from the user. It will immediately list the neccessary information.
If you see that your Linux computer is vulnerable to both variants of the Spectre attack, make sure you install the microcode firmware for your Intel or AMD CPU, as well as to use a kernel compiled with retpoline option and a retpoline-aware compiler. Check with your OS vendors to see if they have such a kernel package available for your distribution.
By now, most distros should be patched against the Meltdown vulnerability, but as Spectre is hardware to fix, there will still be kernel updates and microcode firmware patches released in the coming days, so make sure you keep your computers up-to-date at all times. Make is a daily habit if you want, but do install any new software updates as soon as they’re available.