Checking Linux for the Spectre/Meltdown vulnerabilities
Date: 2019-11-20 08:52:48 Source: igfitidea
Spectre & Meltdown Checker is a shell script that checks whether a system is affected by the following Intel/AMD/ARM (and other) CPU bugs:
- CVE-2017-5753: bounds check bypass (Spectre Variant 1).
- CVE-2017-5715: branch target injection (Spectre Variant 2).
- CVE-2017-5754: rogue data cache load (Meltdown).
Installing spectre-meltdown-checker.sh
Download the spectre-meltdown-checker.sh script:
$ cd /tmp/
$ wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
Or clone the repository:
$ git clone https://github.com/speed47/spectre-meltdown-checker.git
How to check whether Linux is vulnerable to Spectre and Meltdown
Run the script as root:
$ sudo sh spectre-meltdown-checker.sh
Sample output on Ubuntu Linux:
[sudo] password for Hyman:
Spectre and Meltdown mitigation detection tool v0.16

Checking vulnerabilities against Linux 4.13.0-21-generic #24-Ubuntu SMP Mon Dec 18 17:29:16 UTC 2017 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 42 opcodes found, should be >= 70)
> STATUS:  VULNERABLE

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO
* PTI enabled and active:  NO
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
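The checker script above has to inspect the kernel image and /proc/cpuinfo because the 4.13 kernel in the sample output predates the kernel's own reporting interface. Since Linux 4.15 the kernel exports one file per issue under /sys/devices/system/cpu/vulnerabilities/ (spectre_v1, spectre_v2, meltdown and, on later kernels, further entries), each containing "Not affected", "Mitigation: ..." or "Vulnerable...". The following POSIX sh script is an added example, not part of the original article or of the spectre-meltdown-checker project; it classifies those files and reports whether anything is left unmitigated. To run offline it builds a constructed sample directory with made-up status strings in the kernel's format; the function and file names are the example's own.

```shell
#!/bin/sh
# Added example: summarise the kernel's per-vulnerability status files.
# Real location on a live system (kernels >= 4.15):
#   /sys/devices/system/cpu/vulnerabilities/

# Map one sysfs status line to a one-word verdict.
# Kernel strings begin with "Not affected", "Mitigation:" or "Vulnerable".
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "VULNERABLE" ;;
        *)               echo "unknown" ;;
    esac
}

# Print a table of every entry in a vulnerabilities directory.
# Returns 1 if at least one entry is vulnerable, 0 otherwise.
report_vulns() {
    dir="$1"
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        verdict=$(classify_status "$status")
        printf '%-22s %-13s %s\n' "$name" "$verdict" "$status"
        [ "$verdict" = "VULNERABLE" ] && rc=1
    done
    return $rc
}

# Constructed sample tree (hypothetical values in the kernel's format) so the
# script can be exercised without the real sysfs directory.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Retpoline without IBPB\n' > "$d/spectre_v2"
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Not affected\n' > "$d/l1tf"
    echo "$d"
}

SAMPLE=$(make_sample_dir)
report_vulns "$SAMPLE" || echo "At least one vulnerability is unmitigated"
# On a live system, run instead:
#   report_vulns /sys/devices/system/cpu/vulnerabilities
```

The exit status makes the function usable from configuration-management or monitoring jobs: a non-zero return means the kernel itself reports an unmitigated issue, which is the condition the checker script's "STATUS: VULNERABLE" lines correspond to.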