0

It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM (Source). The list of affected Intel platforms and AMD processors is long.

Is there a way (command, script) to check whether a specific computer's processor, e.g your own computer, is vulnerable to Meltdown and Spectre in the first place, regardless whether patches have already been applied?

This knowledge base gives a nice overview on the topic of Spectre and Meltdown for Ubuntu.

wjandrea
  • 14,236
  • 4
  • 48
  • 98
Filbuntu
  • 13,021
  • 37
  • 88
  • 112

1 Answers1

2

If you have a Core i-family processor, it's vulnerable (not sure about Core2 and late Pentium). If you have an Atom, it's vulnerable. If you have an ARM, it's vulnerable. According to some reports, if you have an AMD FX or Ryzen, it's vulnerable. The vulnerability applies to all processor families that use so-called "speculative execution" -- which includes many GPUs, as well as all current CPUs. It may not apply to older designs like Core2 or Pentium, however, as it's a relatively new capability. If you're running a Core2 or Pentium, you need to check if your CPU has that capability; otherwise, you don't -- your hardware is vulnerable.

The question you should be asking (or searching, it's been asked a number of times already in the past week) is whether your particular Ubuntu version has been or will be patched for this vulnerability. There are no BIOS patches; what needs patching is the CPU microcode, which is applied with kernel updates, not BIOS updates.

Zeiss Ikon
  • 5,128
  • thank you for you answer. I am looking for a way to check my computer's specific processor. There may be BIOS updates/patches in the future. – Filbuntu Jan 12 '18 at 13:44
  • The vulnerability applies to all processor families that use so-called "speculative execution" -- which includes many GPUs, as well as all current CPUs. It may not apply to older designs like Core2 or Pentium, however, as it's a relatively new capability. If you're running a Core2 or Pentium, you need to check; otherwise, you don't -- your hardware is vulnerable. The patches are for microcode, not BIOS, BTW. – Zeiss Ikon Jan 12 '18 at 13:49
  • @ZeissIkon I thought the patch was for the kernel not microcode? eg kernel 4.14.12, 4.14.13 and 4.14.14 which came out 8 hours ago or so. Also Long Term Support kernel 4.9.76, 4.9.77, etc. and 4.4.109, 4.4.110, 4.4.111, etc. – WinEunuuchs2Unix Jan 18 '18 at 01:06