Check for and Patch Spectre and Meltdown on CentOS7

28/12/2020

How to Check for and Patch Spectre and Meltdown Vulnerability on CentOS7

The Spectre and Meltdown vulnerabilities in Intel and some other processors got a lot of attention in 2018. They are serious hardware security flaws that affect many desktops, laptops, and servers. Let’s take a look at what they are.

Spectre Vulnerability:

By default, different applications on a computer are isolated from one another. The Spectre vulnerability breaks that isolation. As a result, an attacker can trick an application into leaking its secret information from the kernel module of the operating system.

Meltdown Vulnerability:

By default, the user, the applications, and the operating system of a computer are isolated from one another. Meltdown breaks this isolation. As a result, an attacker can write a program that accesses memory, even the memory used by other applications, and gets secret information out of the system.

Checking for Spectre and Meltdown Vulnerabilities:

You can use a Spectre and Meltdown Checker Script to check whether your processor is vulnerable to Spectre and Meltdown.

To use this script, first navigate to the directory where you would like to download it. I will download it to the /tmp directory, so it will be removed automatically the next time I boot.

$ cd /tmp

Now run the following command to download the Spectre and Meltdown Checker Script from GitHub using wget:

$ wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

The Spectre and Meltdown Checker Script should now be downloaded.

Now run the Spectre and Meltdown Checker script with the following command:

$ sudo sh spectre-meltdown-checker.sh

This is the output from my computer. You can see that my Intel processor is affected by the Spectre and Meltdown vulnerabilities. Luckily, there’s a way to patch it.

The marked codes CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 are used to identify these vulnerabilities internationally. If you run into any problems, you can search for these codes on Google. Hopefully you will find something useful.

Fixing Spectre and Meltdown Vulnerabilities with Kernel Upgrade:

To fix the Spectre and Meltdown vulnerabilities, RHEL 7/CentOS 7 released recommended kernel upgrades. All you have to do is update the kernel and you will be able to fix these issues.

First, check the version of the kernel you’re running using the following command:

$ uname -r

You can see that I am running kernel 3.10.0-693 on my CentOS 7 machine.

Now I am going to update the CentOS 7 operating system. The kernel should be updated along with the operating system.
Run the following command to update the CentOS 7 operating system:

$ sudo yum update

Press ‘y’ and then press <Enter> to continue.

The updated packages should be downloaded and installed from the internet. It may take a while depending on your internet connection.

The update should go smoothly.

Once the update is complete, restart your computer. This is recommended as the kernel is also updated.

Once your computer boots, run the following command again to check the kernel version that you’re using:

$ uname -r

You should see a different kernel version than before. Earlier for me it was 3.10.0-693 and now it is 3.10.0-693.11.6.

You can check whether any changes were made to the kernel for the CVE-2017-5715 vulnerability with the following command:

$ rpm -q --changelog kernel | egrep 'CVE-2017-5715'

You should find a lot of matches on CentOS 7. That’s a good sign.

You can also check for kernel changes related to CVE-2017-5753 with the following command:

$ rpm -q --changelog kernel | egrep 'CVE-2017-5753'

You can also check for kernel changes related to CVE-2017-5754 with the following command:

$ rpm -q --changelog kernel | egrep 'CVE-2017-5754'
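
The three changelog checks above, together with the comparison of the running kernel against the newest installed kernel package, can be combined into one script. This is an added example, not part of the original article; the function names cve_coverage and kernel_status and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data below is constructed.
CVES="CVE-2017-5753 CVE-2017-5715 CVE-2017-5754"

# Read a kernel changelog on stdin and print "<CVE> <matching lines>" per CVE.
# Returns 1 if any of the three CVEs has no changelog entry at all.
cve_coverage() {
    log=$(cat)
    missing=0
    for cve in $CVES; do
        # grep -c exits non-zero on a zero count, so neutralise that status
        n=$(printf '%s\n' "$log" | grep -c -- "$cve" || true)
        printf '%s %s\n' "$cve" "$n"
        [ "$n" -gt 0 ] || missing=1
    done
    return "$missing"
}

# Read "rpm -q --last kernel" output on stdin (most recently installed first)
# and compare it with the running release passed as $1. A mismatch means the
# updated kernel is installed but has not been booted yet.
kernel_status() {
    newest=$(awk 'NR == 1 { sub(/^kernel-/, "", $1); print $1 }')
    if [ "$newest" = "$1" ]; then
        echo "current $newest"
    else
        echo "reboot-needed running=$1 installed=$newest"
    fi
}

# Constructed sample input so the example runs on any machine.
SAMPLE_CHANGELOG='* Mon Jan 01 2018 Constructed Packager <pkg@example.invalid> [3.10.0-693.11.6.el7]
- [x86] constructed entry one {CVE-2017-5715}
- [x86] constructed entry two {CVE-2017-5715}
- [x86] constructed entry three {CVE-2017-5754}'
SAMPLE_LAST='kernel-3.10.0-693.11.6.el7.x86_64   Thu 04 Jan 2018 10:00:00 AM UTC
kernel-3.10.0-693.el7.x86_64        Mon 11 Sep 2017 09:00:00 AM UTC'

printf '%s\n' "$SAMPLE_CHANGELOG" | cve_coverage ||
    echo "at least one CVE has no changelog entry"
printf '%s\n' "$SAMPLE_LAST" | kernel_status "3.10.0-693.el7.x86_64"

# On a real CentOS 7 host, feed live data instead:
#   rpm -q --changelog kernel | cve_coverage
#   rpm -q --last kernel | kernel_status "$(uname -r)"
```

A changelog match only shows that the installed package contains the fix; the reboot-needed result is what tells you the machine is still running the old kernel.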

You can also run the Spectre and Meltdown Checker Script again to find out what was patched in the kernel upgrade.

You can see from the screenshot below that a lot of vulnerabilities were patched after the kernel update. As of this writing, there are still some vulnerabilities that are not patched. Keep an eye on future kernel updates for CentOS 7. All of these will be fixed eventually.

That’s how you find out whether your processor is vulnerable to Spectre and Meltdown attacks on CentOS 7 and patch CentOS 7 for Spectre and Meltdown vulnerabilities. Thanks for reading this article.
