PoC details: 7e20120eb7f06acf7d6202770195b731a26ed2e7

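Source
Related vulnerability
Title: Intel and ARM CPU information disclosure vulnerability (CVE-2017-5754)
Description: ARM Cortex-R7 and others are products of ARM, a UK company. ARM Cortex-R7 is a central processing unit (CPU). Cortex-R8 is a central processing unit (CPU). Intel Xeon CPU E5-1650 and others are products of Intel, a US company. Xeon CPU E5-1650 is a central processing unit (CPU). Intel and ARM CPUs contain an information disclosure vulnerability that stems from a flaw in the processor's data boundary mechanism. A local attacker can exploit it by abusing "erroneous speculative execution" to read memory contents. The following products and versions are affected: ARM Cortex-A75; I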
Description
Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
Introduction
## Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker

![Alt text](https://github.com/raphaelsc/Am-I-affected-by-Meltdown/blob/master/images/melting.jpg)

#### What am I?

Proof-of-concept /

Exploit /

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

The basic idea is to let the user know whether or not the running system is properly patched with
something like the KAISER patchset (https://lkml.org/lkml/2017/10/31/884).

Check out my blog post that guides the reader through a Meltdown proof-of-concept: http://funwithbits.net/blog/programmers-guide-to-meltdown/

*** Only works on Linux for now ***

#### How it works?
It works by using */proc/kallsyms* to find the system call table and checking whether the address of a
system call found by exploiting MELTDOWN matches the respective one in */proc/kallsyms*.
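
The lookup-and-compare step described above, as an added example that is not the project's own code: it parses `/proc/kallsyms`-format text and labels 64-bit values in the style of the example output. The names `parse_kallsyms` and `describe` are hypothetical, the sample symbol lines are constructed from the addresses in this page's example output, and the speculative read itself is not part of the example.

```cpp
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <map>
#include <sstream>
#include <string>

using Symbols = std::map<uint64_t, std::string>;

// Parse /proc/kallsyms-format text ("<hex addr> <type> <name>") into
// address -> name. Returns false when no non-zero address is present,
// which is what an unprivileged reader gets while kptr_restrict hides pointers.
bool parse_kallsyms(const std::string& text, Symbols& out) {
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream fields(line);
        std::string addr, type, name;
        if (!(fields >> addr >> type >> name)) continue;  // malformed line
        char* end = nullptr;
        uint64_t value = std::strtoull(addr.c_str(), &end, 16);
        if (*end != '\0' || value == 0) continue;  // not hex, or hidden
        out[value] = name;
    }
    return !out.empty();
}

// Label one 64-bit value in the style of the example output on this page.
std::string describe(uint64_t value, const Symbols& syms) {
    auto it = syms.find(value);
    return it == syms.end() ? std::string("That's unknown") : "That's " + it->second;
}

int main() {
    // Constructed sample; the addresses are those in the page's example output.
    const std::string readable =
        "ffffffffaea001c0 R sys_call_table\n"
        "ffffffffae251e10 T SyS_write\n";
    // Constructed: the same symbols as seen with pointers hidden.
    const std::string hidden =
        "0000000000000000 R sys_call_table\n"
        "0000000000000000 T SyS_write\n";
    Symbols syms, none;
    if (!parse_kallsyms(hidden, none))
        std::cout << "Unable to read kernel symbol addresses\n";
    parse_kallsyms(readable, syms);
    for (uint64_t v : {0xc4c4c4c4c4c4c4c4ULL, 0xffffffffae251e10ULL})
        std::cout << std::hex << "0x" << v << " -> " << describe(v, syms) << "\n";
}
```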

#### Getting started

Clone, then run `make` to compile the project, then run `meltdown-checker`:

```
git clone https://github.com/raphaelsc/Am-I-affected-by-Meltdown.git
cd ./Am-I-affected-by-Meltdown
make
taskset 0x1 ./meltdown-checker
```

#### What to do when you face:
  - `Unable to read /proc/kallsyms...`
  
    That's because your system may be preventing the program from reading kernel symbols in `/proc/kallsyms` due to `/proc/sys/kernel/kptr_restrict` being set to `1`.
    The following command will do the trick (it lowers a kernel hardening setting, so set the value back to `1` once the check is done):
    ```
    sudo sh -c "echo 0  > /proc/sys/kernel/kptr_restrict"
    ```
  - `Unable to read /boot/System.map-.`
  
    That is probably because your system does not have `/boot` mounted. This program relies on that partition, so you need to mount your `/boot` partition first.

*Please open an issue if you have an idea on how to fallback to another approach in this scenario.*

#### Example output for a system affected by Meltdown:

![Alt text](https://github.com/raphaelsc/Am-I-affected-by-Meltdown/blob/master/images/output.png)

```
Checking whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN ...
Checking syscall table (sys_call_table) found at address 0xffffffffaea001c0 ...
0xc4c4c4c4c4c4c4c4 -> That's unknown
0xffffffffae251e10 -> That's SyS_write

System affected! Please consider upgrading your kernel to one that is patched with KAISER
Check https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html for more details
```
File snapshot

```
[4.0K] /data/pocs/7e20120eb7f06acf7d6202770195b731a26ed2e7
├── [4.9K] assembly_utils.hh
├── [4.0K] images
│   ├── [ 14K] melting.jpg
│   └── [ 76K] output.png
├── [1.3K] LICENSE
├── [ 377] Makefile
├── [ 13K] meltdown_checker.cc
└── [2.4K] README.md

1 directory, 7 files
```