spectre-meltdown-checker - Spectre & Meltdown vulnerability/mitigation checker for Linux

•    Shell

---

A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018. For Linux systems, the script will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel.

mitigation kernel meltdown spectre cve-2017-5753 cve-2017-5715 cve-2017-5754 freebsd netbsd dragonflybsd cve-2018-3640 cve-2018-3639 foreshadow cve-2018-3615 cve-2018-3620 cve-2018-3646

Am-I-affected-by-Meltdown - Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a

•    C++

---

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN. The basic idea is that user will know whether or not the running system is properly patched with something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.

meltdown kpti kaiser pti exploit poc security intelbug

SpecuCheck - SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)

•    C

---

SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and reports the data as seen by the Windows Kernel. An official Microsoft Powershell Cmdlet Module now exists as well, which is the recommended and supported way to get this information.

meltdown spectre intelbug kernel internals cpu kaiser kpti

Hardware-and-Firmware-Security-Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance

•    C

---

This repository provides content for aiding DoD administrators in verifying systems have applied and enabled mitigations for hardware and firmware vulnerabilities such as side-channel and UEFI vulnerabilities. The repository is a companion to NSA Cybersecurity Advisories such as Vulnerabilities Affecting Modern Processors. This repository is updated as new information, research, strategies, and guidance are developed. The following mitigations generally apply to all systems. For specific steps for a particular operating system or vendor product, consult detailed instructions and strategies at Specific Guidance.

audit vulnerability cve nessus spectre guidance meltdown cve-2017-5754 cve-2017-5715 cve-2017-5753 cve-2018-3640 cve-2018-3639 cve-2018-3693 cve-2018-3665

spectre-meltdown-poc - A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

•    C

---

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

spectre meltdown vulnerability intelbug proof-of-concept exploit

spectre-attack-demo - Reproducing malicious memory reading on Intel i5 and Intel Xeon using a Spectre attack

•    C

---

This shows my own try of Proof of Concept Exploit demonstrating the Spectre attack. Unfortunately, I have been able to reproduce it smoothly both on my local laptop and on my AWS Server.

spectre meltdown attack vulnaribility intel processors cpu aws

inspec-meltdownspectre - Inspec profile to test for the presence of the Meltdown/Spectre vulnerabilities

•    Ruby

---

Inspec profile to test for the presence of the Meltdown/Spectre vulnerabilities

inspec spectre devsecops meltdown