Check for and Patch Spectre and Meltdown on Debian

28/12/2020
Chưa phân loại

Spectre Vulnerability

Spectre vulnerability breaks the isolation between the applications in your computer. So an attacker can trick a less secure application to reveal information about other secure applications from the kernel module of the operating system.

Meltdown Vulnerability

Meltdown breaks the isolation between the user, the applications and the operating system. So an attacker can write a program and it can access the memory location of that program as well as other programs and get secret information out of the system.

Spectre and Meltdown vulnerabilities are serious hardware vulnerabilities of Intel processors. In this article, I will show you how to fix Spectre and Meltdown vulnerabilities on Debian. Let’s get started.

Check for Spectre and Meltdown Vulnerabilities:

You can check for Spectre and Meltdown vulnerabilities using the Spectre and Meltdown Vulnerability Checker script.

First, go to the Downloads/ directory in the user’s home directory using the following command:

$ cd Downloads/

Now run the following command to download the Spectre and Meltdown Checker script using wget:

$ wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/
spectre-meltdown-checker.sh

Spectre and Meltdown Checker script should be downloaded.

If you list the contents of the Downloads/ directory now, you should see a file spectre-meltdown-checker.sh as shown in the screenshot below.

Spectre and Meltdown Checker script needs binutils package installed on Debian to work. Before you run Spectre and Meltdown Checker script, make sure you have binutils package installed.

Run the following commands to install binutils package:

$ sudo apt-get update
$ sudo apt-get install binutils -y

binutils should be installed.

Now run the Spectre and Meltdown Checker script with the following command:

$ sudo sh spectre-meltdown-checker.sh

NOTE: Run Spectre and Meltdown Checker script as root user.

You should see something like this. This is the output of my laptop.

You can see from the screenshot below that my laptop’s processor is vulnerable to Spectre and Meltdown.

CVE-2017-5753 is the code of Spectre Variant 1, CVE-2017-5715 is the code of Spectre Variant 2, and CVE-2017-5754 is the code of Meltdown vulnerabilities. If you face any problem or if you want to learn more about them, you can search on the internet using these codes. It may help.

Patching Spectre and Meltdown Vulnerabilities:

First you have to enable Debian updates and security repositories. To do that, you have to either edit /etc/apt/sources.list file directly or run the following command:

$ sudo apt edit-sources

This command may ask you to select a text editor. Once you select an editor, the /etc/apt/sources.list file should be opened with the editor.

Now make sure you have stretch/updates or debian-security, and stretch-updates repository enabled as shown in the screenshot below.

Now update the package repository cache of your Debian machine with the following command:

$ sudo apt-get update

The package repository cache should be updated.

Before updating the kernel, make sure you check the kernel version you’re using currently with the following command. That way you can check whether the kernel is updated or not later.

$ uname -r

As you can see, I am running 4.9.0-3 version of kernel and the architecture is amd64. If you’re running other architecture such as i386, ppc etc, you may see something different. You also pick the version of kernel depending on the architecture. For example, I am using amd64 architecture, so I am going to install an update for amd64 architecture of the kernel.

Now install the Linux kernel package with the following command:

$ sudo apt-get install linux-image-amd64

Remember the last section, amd64, which is the architecture. You may use bash auto completion feature to find out what is available for you and pick an appropriate one.

Now press ‘y’ and press <Enter> to continue.

The kernel should be updated.

Now restart your computer with the following command:

$ sudo reboot

Once your computer boots up, run the following command to check the kernel version you’re currently using.

$ uname -r

You can see that I am using kernel version 4.9.0-5, which is a later version than 4.9.0-3. The upgrade worked perfectly.

Now you can run the Spectre and Meltdown Checker script again to see what were fixed in the kernel update.

$ sudo sh spectre-meltdown-checker.sh

As you can see from the screenshot below, the Meltdown vulnerability was fixed. But the Spectre vulnerabilities were not fixed in the kernel update. But keep an eye on the kernel updates as they arrive. Debian team is working hard to fix all of these issues. It may take a while, but you will get everything fixed eventually.

That’s how you check for and patch Spectre and Meltdown vulnerabilities on Debian. Thanks for reading this article.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Enlightenment DR 0.21.5 Released with bugfix and stability

Enlightenment DR 0.21.5 recently released, is another bugfix and stability release for the Enlightenment 21 Release series....
28/12/2020

How to Install SketchUp Make 2016 on Ubuntu, Linux Mint

This is a quick tutorial on how to install SketchUp Make 2016 on Linux. For those who may not know, SketchUp Make 2016 (Formerly...
28/12/2020

Thuê mua proxy Tiktok tăng doanh thu, hiệu quả cao

Tiktok đang là một trong những nền tảng mạng xã hội được yêu thích và có số lượng tài khoản...
11/05/2024
Bài Viết

Bài Viết Mới Cập Nhật

Tìm Hiểu Về Thuê Proxy US – Lợi Ích và Cách Sử Dụng Hiệu Quả
11/12/2024

Mua Proxy V6 Nuôi Facebook Spam Hiệu Quả Tại Onetcomvn
03/06/2024

Hướng dẫn cách sử dụng ProxyDroid để duyệt web ẩn danh
03/06/2024

Mua proxy Onet uy tín tại Onet.com.vn
03/06/2024

Thuê mua IPv4 giá rẻ, tốc độ nhanh, uy tín #1
28/05/2024