@@ -3,29 +3,65 @@ Spectre & Meltdown Checker
33
44A shell script to assess your system's resilience against the several [ transient execution] ( https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability ) CVEs that were published since early 2018, and give you guidance as to how to mitigate them.
55
6- CVE | Aliases | Impact | Mitigation | Perf. impact
7- --- | ------- | ------ | ---------- | ------------
8- [ CVE-2017 -5753] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 ) | Spectre V1 | Kernel & all software | Recompile with LFENCE-inserting compiler | Negligible
9- [ CVE-2017 -5715] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 ) | Spectre V2 | Kernel | Microcode (IBRS) and/or retpoline | Medium to high
10- [ CVE-2017 -5754] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 ) | Meltdown | Kernel | Kernel update (PTI/KPTI) | Low to medium
11- [ CVE-2018 -3640] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640 ) | Variant 3a | Kernel | Microcode update | Negligible
12- [ CVE-2018 -3639] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 ) | Variant 4, SSB | JIT software | Microcode + kernel update | Low to medium
13- [ CVE-2018 -3615] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 ) | Foreshadow (SGX) | SGX enclaves | Microcode update | Negligible
14- [ CVE-2018 -3620] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 ) | Foreshadow-NG (OS/SMM) | Kernel & SMM | Kernel update (PTE inversion) | Negligible
15- [ CVE-2018 -3646] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646 ) | Foreshadow-NG (VMM) | VMM/hypervisors | Kernel update (L1d flush) or disable EPT/SMT | Low to significant
16- [ CVE-2018 -12126] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126 ) | MSBDS, Fallout | Kernel | Microcode + kernel update (MDS group) | Low to significant
17- [ CVE-2018 -12130] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130 ) | MFBDS, ZombieLoad | Kernel | Microcode + kernel update (MDS group) | Low to significant
18- [ CVE-2018 -12127] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127 ) | MLPDS, RIDL | Kernel | Microcode + kernel update (MDS group) | Low to significant
19- [ CVE-2019 -11091] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091 ) | MDSUM, RIDL | Kernel | Microcode + kernel update (MDS group) | Low to significant
20- [ CVE-2019 -11135] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135 ) | TAA, ZombieLoad V2 | Kernel | Microcode + kernel update | Low to significant
21- [ CVE-2018 -12207] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207 ) | iTLB Multihit, No eXcuses | VMM/hypervisors | Disable hugepages or update hypervisor | Low to significant
22- [ CVE-2020 -0543] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543 ) | SRBDS, CROSSTalk | All software (RDRAND/RDSEED) | Microcode + kernel update | Low
23- [ CVE-2022 -40982] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982 ) | Downfall, GDS | Kernel & all software | Microcode update or disable AVX | Negligible to significant (AVX-heavy)
24- [ CVE-2023 -20569] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569 ) | Inception, SRSO | Kernel & all software | Kernel + microcode update | Low to significant
25- [ CVE-2023 -20593] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593 ) | Zenbleed | Kernel & all software | Kernel (MSR bit) or microcode update | Negligible
26- [ CVE-2023 -23583] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583 ) | Reptar | All software | Microcode update | Low
27- [ CVE-2024 -36350] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350 ) | TSA-SQ | Kernel & all software (AMD) | Microcode + kernel update; SMT increases exposure | Low to medium
28- [ CVE-2024 -36357] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357 ) | TSA-L1 | Kernel & all software (AMD) | Microcode + kernel update | Low to medium
6+ CVE | Name | Aliases
7+ --- | ---- | -------
8+ [ CVE-2017 -5753] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 ) | Bounds Check Bypass | Spectre Variant 1
9+ [ CVE-2017 -5715] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 ) | Branch Target Injection | Spectre Variant 2
10+ [ CVE-2017 -5754] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 ) | Rogue Data Cache Load | Meltdown, Variant 3
11+ [ CVE-2018 -3640] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640 ) | Rogue System Register Read | Variant 3a
12+ [ CVE-2018 -3639] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 ) | Speculative Store Bypass | Variant 4, SSB
13+ [ CVE-2018 -3615] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 ) | L1 Terminal Fault | L1TF, Foreshadow (SGX)
14+ [ CVE-2018 -3620] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 ) | L1 Terminal Fault | L1TF, Foreshadow-NG (OS/SMM)
15+ [ CVE-2018 -3646] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646 ) | L1 Terminal Fault | L1TF, Foreshadow-NG (VMM)
16+ [ CVE-2018 -12126] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126 ) | Microarchitectural Store Buffer Data Sampling | MSBDS, Fallout
17+ [ CVE-2018 -12130] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130 ) | Microarchitectural Fill Buffer Data Sampling | MFBDS, ZombieLoad
18+ [ CVE-2018 -12127] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127 ) | Microarchitectural Load Port Data Sampling | MLPDS, RIDL
19+ [ CVE-2019 -11091] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091 ) | Microarchitectural Data Sampling Uncacheable Memory | MDSUM, RIDL
20+ [ CVE-2019 -11135] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135 ) | TSX Asynchronous Abort | TAA, ZombieLoad V2
21+ [ CVE-2018 -12207] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207 ) | Machine Check Exception on Page Size Changes | MCEPSC, iTLB Multihit, No eXcuses
22+ [ CVE-2020 -0543] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543 ) | Special Register Buffer Data Sampling | SRBDS, CROSSTalk
23+ [ CVE-2022 -40982] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982 ) | Gather Data Sampling | GDS, Downfall
24+ [ CVE-2023 -20569] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569 ) | Return Address Security | Inception, RAS, SRSO
25+ [ CVE-2023 -20593] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593 ) | Cross-Process Information Leak | Zenbleed
26+ [ CVE-2023 -23583] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583 ) | Redundant Prefix Issue | Reptar
27+ [ CVE-2024 -36350] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350 ) | Transient Scheduler Attack, Store Queue | TSA-SQ
28+ [ CVE-2024 -36357] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357 ) | Transient Scheduler Attack, L1 | TSA-L1
29+
30+ ## Am I at risk?
31+
32+ Depending on your situation, the table below answers whether an attacker in a given position can extract data from a given target.
33+ The "Userland → Kernel" column also applies within a VM (VM userland vs. VM kernel), since the same CPU mechanisms are at play regardless of virtualization.
34+
35+ Vulnerability | Userland → Kernel | Userland → Userland | VM → Host | VM → VM
36+ ------------ | :---------------: | :-----------------: | :-------: | :-----:
37+ CVE-2017 -5753 (Spectre V1) | 💥 | 💥 | 💥 | 💥 | Recompile everything with LFENCE
38+ CVE-2017 -5715 (Spectre V2) | 💥 | 💥 | 💥 | 💥 | Microcode + kernel update (or retpoline)
39+ CVE-2017 -5754 (Meltdown) | 💥 | ✅ | ✅ | ✅ | Kernel update
40+ CVE-2018 -3640 (Variant 3a) | 💥 | ✅ | ✅ | ✅ | Microcode update
41+ CVE-2018 -3639 (Variant 4, SSB) | ✅ | 💥 | ✅ | ✅ | Microcode + kernel update
42+ CVE-2018 -3615 (Foreshadow, SGX) | ✅ | ✅ | ✅ | ✅ | Microcode update
43+ CVE-2018 -3620 (Foreshadow-NG, OS/SMM) | 💥 | ✅ | ✅ | ✅ | Kernel update
44+ CVE-2018 -3646 (Foreshadow-NG, VMM) | ✅ | ✅ | 💥 | 💥 | Kernel update (or disable EPT/SMT)
45+ CVE-2018 -12126 (MSBDS, Fallout) | 💥 | 💥 † | 💥 | 💥 † | Microcode + kernel update
46+ CVE-2018 -12130 (MFBDS, ZombieLoad) | 💥 | 💥 † | 💥 | 💥 † | Microcode + kernel update
47+ CVE-2018 -12127 (MLPDS, RIDL) | 💥 | 💥 † | 💥 | 💥 † | Microcode + kernel update
48+ CVE-2019 -11091 (MDSUM, RIDL) | 💥 | 💥 † | 💥 | 💥 † | Microcode + kernel update
49+ CVE-2019 -11135 (TAA, ZombieLoad V2) | 💥 | 💥 † | 💥 | 💥 † | Microcode + kernel update
50+ CVE-2018 -12207 (iTLB Multihit, No eXcuses) | ✅ | ✅ | ☠️ | ✅ | Hypervisor update (or disable hugepages)
51+ CVE-2020 -0543 (SRBDS, CROSSTalk) | 💥 ‡ | 💥 ‡ | 💥 ‡ | 💥 ‡ | Microcode + kernel update
52+ CVE-2022 -40982 (Downfall, GDS) | 💥 | 💥 | 💥 | 💥 | Microcode update (or disable AVX)
53+ CVE-2023 -20569 (Inception, SRSO) | 💥 | ✅ | 💥 | ✅ | Microcode + kernel update
54+ CVE-2023 -20593 (Zenbleed) | 💥 | 💥 | 💥 | 💥 | Microcode update (or kernel workaround)
55+ CVE-2023 -23583 (Reptar) | ☠️ | ☠️ | ☠️ | ☠️ | Microcode update
56+ CVE-2024 -36350 (TSA-SQ) | 💥 | 💥 † | 💥 | 💥 † | Microcode + kernel update
57+ CVE-2024 -36357 (TSA-L1) | 💥 | 💥 † | 💥 | 💥 † | Microcode + kernel update
58+
59+ > 💥 Data can be leaked across this boundary.
60+ > ✅ Not affected in this scenario.
61+ > ☠️ Denial of service (system crash or unpredictable behavior), no data leak.
62+ > † Cross-process leakage requires SMT (Hyper-Threading) to be active — attacker and victim must share a physical core.
63+ > ‡ Only leaks RDRAND/RDSEED output, not arbitrary memory; still allows recovering cryptographic material from any victim.
64+ > CVE-2018 -3615 (Foreshadow SGX) inverts the normal trust model: the OS reads SGX enclave data. It is irrelevant unless the system runs SGX enclaves, and the attacker must already have OS-level access.
2965
3066<details >
3167<summary >Detailed CVE descriptions</summary >
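Review bot: The header and delimiter rows of the new "Am I at risk?" table declare five columns, but every data row carries a sixth cell holding the mitigation (for example "Recompile everything with LFENCE" on the CVE-2017-5753 row). GitHub-flavored Markdown ignores cells beyond the header's column count, so that text would not render. Suggest extending the header to `Vulnerability | Userland → Kernel | Userland → Userland | VM → Host | VM → VM | Mitigation` with a matching sixth delimiter cell, and mentioning the mitigation column in the sentence that introduces the table. This matters more because the first table drops its Mitigation and Perf. impact columns in the same change, and the performance impact values do not reappear anywhere in the visible lines; please confirm they are kept elsewhere, such as under "Detailed CVE descriptions". One smaller point on the legend: the final line about CVE-2018-3615 has no symbol linking it to its table row, which shows ✅ in every column, so a footnote marker on that row would make the caveat discoverable.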