Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2017-5754 PoC — Intel和ARM CPU芯片信息泄露漏洞

Source
https://github.com/raphaelsc/Am-I-affected-by-Meltdown
Associated Vulnerability
Title:Intel和ARM CPU芯片信息泄露漏洞 (CVE-2017-5754)
Description:Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Description
Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
Readme
## Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker

![Alt text](https://github.com/raphaelsc/Am-I-affected-by-Meltdown/blob/master/images/melting.jpg)

#### What am I?

Proof-of-concept /

Exploit /

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

The basic idea is that user will know whether or not the running system is properly patched with
something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.

Check out my blog post that guides reader through a Meltdown proof-of-concept: http://funwithbits.net/blog/programmers-guide-to-meltdown/

*** Only works on Linux for now ***

#### How it works?
It works by using */proc/kallsyms* to find system call table and checking whether the address of a
system call found by exploiting MELTDOWN match the respective one in */proc/kallsyms*.

#### Getting started

Clone, then run `make` to compile the project, then run `meltdown-checker`:

```
git clone https://github.com/raphaelsc/Am-I-affected-by-Meltdown.git
cd ./Am-I-affected-by-Meltdown
make
taskset 0x1 ./meltdown-checker
```

#### What to do when you face:
  - `Unable to read /proc/kallsyms...`
  
    That's because your system may be preventing the program from reading kernel symbols in `/proc/kallsyms` due to `/proc/sys/kernel/kptr_restrict` set to `1`.
  The following command will do the tricky:
    ```
    sudo sh -c "echo 0  > /proc/sys/kernel/kptr_restrict"
    ```
  - `Unable to read /boot/System.map-.`
  
    That could probably be because your system not having `/boot` mounted. This program relies on that partition and thus you'd need to mount your `/boot` partition first.

*Please open an issue if you have an idea on how to fallback to another approach in this scenario.*

#### Example output for a system affected by Meltdown:

![Alt text](https://github.com/raphaelsc/Am-I-affected-by-Meltdown/blob/master/images/output.png)

```
Checking whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN ...
Checking syscall table (sys_call_table) found at address 0xffffffffaea001c0 ...
0xc4c4c4c4c4c4c4c4 -> That's unknown
0xffffffffae251e10 -> That's SyS_write

System affected! Please consider upgrading your kernel to one that is patched with KAISER
Check https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html for more details
```
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →