#!/bin/sh
# This file is part of KASLD - https://github.com/bcoles/kasld
#
# Check for various known hardware vulnerabilities which can
# be used to read arbitrary kernel memory.
#
# Note: Outdated systems which pre-date patches for CPU vulnerabilities
# will not report CPU vulnerabilities and associated mitigations, and
# thus cannot be checked using this script. On such systems an empty
# result means "not reported", not "not vulnerable".
#
# References:
# https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html
# ---
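# Print the CPU identification lines from /proc/cpuinfo. grep emits one line
# per logical CPU; uniq collapses the adjacent duplicates. Running the
# pipeline directly (instead of echo "$(...)") avoids a stray blank line when
# the field is absent.
echo "[.] CPU:"
grep 'model name' /proc/cpuinfo | uniq
grep 'cpu cores' /proc/cpuinfo | uniq
echo "total cores : $(nproc)"
echo

# Print the kernel's list of known CPU bugs for this processor.
echo "[.] Checking /proc/cpuinfo bugs ..."
cpu_bugs=$(grep 'bugs' /proc/cpuinfo | uniq)
if [ -n "$cpu_bugs" ]; then
  # printf rather than echo: the value is data read from a file.
  printf '%s\n' "$cpu_bugs"
else
  # No matching line means the kernel is not reporting bugs here; say so
  # explicitly so that empty output is not read as a clean result.
  echo "[-] No 'bugs' field in /proc/cpuinfo; CPU bugs are not reported here (not evidence that the CPU is unaffected)"
fi
echo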
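# Directory in which the kernel publishes one status file per known CPU issue
# (see the hw-vuln admin guide: each file reads "Not affected",
# "Vulnerable[: ...]" or "Mitigation: ...").
vuln_dir=/sys/devices/system/cpu/vulnerabilities

# Succeeds when the status file named $1 contains the string "Vulnerable".
# A missing or unreadable file makes this fail quietly (grep -s), which means
# "not reported", not "safe". The match is case-sensitive, so a mitigation
# line that only ends in e.g. "SMT vulnerable" is not flagged.
is_vulnerable() {
  grep -s -q Vulnerable "$vuln_dir/$1"
}

echo "[.] Checking /sys/devices/system/cpu/vulnerabilities mitigations ..."
if [ -d "$vuln_dir" ]; then
  # Lists every status file that reports "Vulnerable", including issues that
  # have no dedicated check below.
  grep -sr Vulnerable "$vuln_dir/"
else
  # Without this message an old kernel produces no output at all, which is
  # indistinguishable from a fully mitigated system.
  echo "[-] $vuln_dir not found; this kernel does not report CPU vulnerability status, so the checks below are inconclusive"
fi
echo

# Per-issue checks: one message for each status file that reports "Vulnerable".
if is_vulnerable spectre_v1; then
  echo "[.] CPU vulnerable to spectre v1 (CVE-2017-5753)"
fi
if is_vulnerable spectre_v2; then
  echo "[.] CPU vulnerable to spectre v2 (CVE-2017-5715)"
fi
if is_vulnerable meltdown; then
  echo "[.] CPU vulnerable to meltdown (CVE-2017-5754). Try:"
  echo " https://github.com/paboldin/meltdown-exploit"
fi
if is_vulnerable spec_store_bypass; then
  echo "[.] CPU vulnerable to spectre v4 (CVE-2018-3639)"
fi
if is_vulnerable retbleed; then
  echo "[.] CPU vulnerable to RETBleed (CVE-2022-29900 / CVE-2022-29901). Try:"
  echo " https://github.com/comsec-group/retbleed"
fi
if is_vulnerable mds; then
  echo "[.] CPU vulnerable to Microarchitectural Data Sampling (MDS) attacks. Try:"
  echo " https://github.com/vusec/ridl"
fi
if is_vulnerable tsx_async_abort; then
  echo "[.] CPU vulnerable to TSX asynchronous abort (CVE-2019-11135). Try:"
  echo " https://github.com/vnik5287/kaslr_tsx_bypass"
fi
echo

# The sysfs strings are a coarse summary; point at a dedicated checker.
echo "[.] For more accurate Spectre/Meltdown results, try:"
echo " https://github.com/speed47/spectre-meltdown-checker"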