meltdownspectre-patches

Summary of the patch status for Meltdown / Spectre

What?

Meltdown and Spectre are hardware design vulnerabilities in all modern CPUs based on speculative execution. Background info:

The bug is in the hardware, but mitigations in operating systems are possible and are being shipped now. I'm collecting notes on the patch status in various software products. This will change rapidly and may contain errors. If you have better info, please send pull requests.

Spectre & Meltdown Checkers

(Use at your own risk)

  • Linux: Stéphane Lesimple put together a simple shell script to tell whether your Linux installation is vulnerable to the three "speculative execution" CVEs.
  • Linux: Red Hat Check Script - get the latest version from the diagnose tab of the main Red Hat vulnerability article.
  • Linux: Debian Spectre-Meltdown Checker - Spectre & Meltdown vulnerability/mitigation checker available in stretch-backports.
  • Microsoft Windows: See the Windows section in this document, which links to the official PowerShell script.

PoCs

  • In a recent tweet, Moritz Lipp (Graz University of Technology) has announced the release of their PoC implementations for Meltdown.
  • In a recent tweet, Jann Horn (Google's Project Zero) has announced that the PoC code referenced in their recent blogpost about CPUs is now public.
  • The LSDS group at Imperial College London has published sample code demonstrating a Spectre-like attack against an Intel SGX enclave.
  • Dag-Erling Smørgrav published a Meltdown PoC for FreeBSD.

Linux upstream kernel

Kernel Page Table Isolation is a mitigation in the Linux Kernel, originally named KAISER.

Noteworthy:

minipli patches

minipli is an unofficial fork of the former grsecurity patches (the original grsecurity is no longer publicly available). minipli is based on the longterm kernel 4.9, which supports KPTI since 4.9.75, but the patchset has not yet been ported to it.

Android

Windows

Update - Tue 9 Jan 09:00 UTC

Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors (older CPUs, e.g. Athlon and Sempron) at this time. Microsoft is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices via Windows Update and WSUS as soon as possible. If you have experienced an unbootable state, or for more information, see KB4073707. For AMD-specific information please contact AMD.

Update - Sat 27 Jan

Apple

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.

Update Mon 8 Jan 18:00 UTC

Apple has released security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715):

Update - Sun 7 Jan 2018, 9:00 UTC

Based on Apple's response posted here, Meltdown (CVE-2017-5754) is currently only addressed in iOS 11.2, macOS 10.13.2, and tvOS 11.2. Apple cannot say at this time whether there will be updates for OS versions prior to the ones listed in their article. The same applies to Spectre (CVE-2017-5753 and CVE-2017-5715) and to any updates for Safari. This means that, at present, there are NO patches for 10.11.x (El Capitan) or 10.12.x (Sierra).

Linux distributions

FreeBSD

Virtualization

Browsers

Update Mon 8 Jan 2018, 13:00 UTC

Tencent's Xuanwu Lab has released a web-based tool that detects whether your browser is vulnerable to the Spectre attack and can be easily exploited. Official tweet: https://twitter.com/XuanwuLab/status/950345917013504001

Cloud Providers

Chip Manufacturers / HW Vendors

CERTs

CPU microcode

Update - Wed 17 Jan 8:30 UTC

Red Hat is currently recommending that subscribers contact their CPU OEM vendor to download the latest microcode/firmware. Red Hat is no longer providing microcode to address Spectre variant 2, due to instabilities that are causing systems to not boot. More details can be found in this article (subscription required).

Update - Tue 9 Jan 21:50 UTC

The latest Intel microcode update (released 1/8/2018) is 20180108. According to its release notes:

-- Updates upon 20171117 release --
IVT C0		(06-3e-04:ed) 428->42a
SKL-U/Y D0	(06-4e-03:c0) ba->c2
BDW-U/Y E/F	(06-3d-04:c0) 25->28
HSW-ULT Cx/Dx	(06-45-01:72) 20->21
Crystalwell Cx	(06-46-01:32) 17->18
BDW-H E/G	(06-47-01:22) 17->1b
HSX-EX E0	(06-3f-04:80) 0f->10
SKL-H/S R0	(06-5e-03:36) ba->c2
HSW Cx/Dx	(06-3c-03:32) 22->23
HSX C0		(06-3f-02:6f) 3a->3b
BDX-DE V0/V1	(06-56-02:10) 0f->14
BDX-DE V2	(06-56-03:10) 700000d->7000011
KBL-U/Y H0	(06-8e-09:c0) 62->80
KBL Y0 / CFL D0	(06-8e-0a:c0) 70->80
KBL-H/S B0	(06-9e-09:2a) 5e->80
CFL U0		(06-9e-0a:22) 70->80
CFL B0		(06-9e-0b:02) 72->80
SKX H0		(06-55-04:b7) 2000035->200003c
GLK B0		(06-7a-01:01) 1e->22
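As an added example (not code from this repository), the following Python parses rows of the release-notes table above and compares them with the decimal family/model/stepping and hex microcode fields of /proc/cpuinfo, reporting whether each CPU already runs the revision shipped in 20180108. The embedded table excerpt and the /proc/cpuinfo stanzas are constructed sample input.

```python
import re
# Constructed copy of four rows of the Intel 20180108 release-notes table quoted above.
# Row format: "<name> (<family>-<model>-<stepping>:<platform mask>) <old>-><new>", hex values.
RELEASE_NOTES = """\
IVT C0\t\t(06-3e-04:ed) 428->42a
SKL-U/Y D0\t(06-4e-03:c0) ba->c2
KBL-U/Y H0\t(06-8e-09:c0) 62->80
SKX H0\t\t(06-55-04:b7) 2000035->200003c
"""
# Constructed /proc/cpuinfo excerpt: an Ivy Bridge still on 0x428 and a Skylake-U already on 0xc2.
SAMPLE_CPUINFO = """\
cpu family\t: 6
model\t\t: 62
stepping\t: 4
microcode\t: 0x428

cpu family\t: 6
model\t\t: 78
stepping\t: 3
microcode\t: 0xc2
"""

ROW_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<sig>[0-9a-f]{2}-[0-9a-f]{2}-[0-9a-f]{2}):[0-9a-f]+\)"
                    r"\s+(?P<old>[0-9a-f]+)->(?P<new>[0-9a-f]+)$")

def parse_release_notes(text):
    """Map signature 'family-model-stepping' -> (name, old_rev, new_rev)."""
    table = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            table[m["sig"]] = (m["name"], int(m["old"], 16), int(m["new"], 16))
    return table

def parse_cpuinfo(text):
    """Return [(signature, microcode_rev)] per processor stanza of /proc/cpuinfo."""
    cpus = []
    for stanza in text.strip().split("\n\n"):
        f = {k.strip(): v.strip() for k, _, v in (ln.partition(":") for ln in stanza.splitlines())}
        # /proc/cpuinfo prints family/model/stepping in decimal; Intel's table uses two-digit hex
        sig = "%02x-%02x-%02x" % (int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
        cpus.append((sig, int(f.get("microcode", "0"), 16)))  # field absent on very old kernels
    return cpus

def check_microcode(cpuinfo_text, notes_text):
    """Classify each CPU as 'updated', 'outdated' or 'unlisted' against the release table."""
    table = parse_release_notes(notes_text)
    verdicts = []
    for sig, rev in parse_cpuinfo(cpuinfo_text):
        if sig not in table:
            verdicts.append((sig, "unlisted"))
        else:
            verdicts.append((sig, "updated" if rev >= table[sig][2] else "outdated"))
    return verdicts
```

An "updated" verdict only means the CPU reports the listed microcode revision, not that the running kernel makes use of the new MSRs; combine it with the Linux checker scripts listed earlier on this page.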

Update - Thu 4 Jan 2018, 15:30 UTC

It seems that Intel's new microcode archive (2017-12-15), provided with the latest Red Hat microcode_ctl update, includes three new files: 06-3f-02, 06-4f-01, 06-55-04.

Based on what we know:

  1. it adds one new CPUID bit and two MSRs for the variant of Spectre that uses indirect branches
  2. it forces LFENCE to wait for the completion of all previous instructions, which has the desired effect for the variant of Spectre that uses conditional branches (bounds check bypass)

Those IDs belong to the following processor microarchitectures: Haswell, Broadwell, Skylake (official reference)

Update - Thu 4 Jan 2018, 16:30 UTC

Regarding AMD's microcode update: it seems to be only for EPYC (maybe Ryzen, not sure!) and it only adds one of the two MSRs (IA32_PRED_CMD). It signals this with a different CPUID bit than Intel's. It is also for Spectre with indirect branches. Previous microprocessors resolved it with a chicken bit. Please note that the same solution implemented at kernel level works for both Intel and AMD.

Update - Fri 5 Jan 2018, 03:35 UTC

Debian Project package maintainers released an updated version of the "intel-microcode" package (version 2017-12-15) for the Sid (unstable) branch only. Upon inspection, it seems to contain the same microcode additions observed in the Red Hat microcode_ctl update of Thu 4 Jan 2018, 15:30 UTC. The package is compatible with all Debian-based distributions that support post-boot microcode updates.

Antiviruses

Some antivirus products do things that break when the Windows patches are installed, so Microsoft doesn't automatically install the patches on those systems.

Vendor overview: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

RDBMS

NOSQL

Embedded Devices

Compilers
