Azure: Meltdown Virus and how does it affect multiple Distros

 

January 3rd has a lot of surprises coming from Google and Microsoft release on spectre and meltdown virus information ahead of Jan 10th planned release. This exploit basically allows high performing processors to leak information and undermine system security.

Virtual Machines are able to access memory information on the host machines as well as other virtual machines owing to the absence of checks as designed in Intel and other processors.

 

 

 

 

 

 

 

 

 

This is primarily based on speculative execution which most of these modern processors have. And this was being exploited.

The vulnerabilities are primarily classified into :

Meltdown (rogue data cache load — CVE-2017-5754)

Spectre variant 1 (bounds check bypass — CVE-2017-5753)

Spectre variant 2 (branch target injection CVE-2017-5715)

Updation on Ubuntu

sudo apt update && sudo apt upgrade && shutdown -r now

 

apt list –upgradable
Listing… Done
libdrm2/xenial-updates 2.4.83-1~16.04.1 amd64 [upgradable from: 2.4.76-1~ubuntu16.04.1]
linux-generic/xenial-updates,xenial-security 4.4.0.109.114 amd64 [upgradable from: 4.4.0.87.93]
linux-headers-generic/xenial-updates,xenial-security 4.4.0.109.114 amd64 [upgradable from: 4.4.0.87.93]
linux-image-generic/xenial-updates,xenial-security 4.4.0.109.114 amd64 [upgradable from: 4.4.0.87.93]
python3-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.9.1-3]
python3-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.13.1-2ubuntu0.16.04.1]

#Install Unattended updates Package
sudo apt-get install unattended-upgrades

#Install Updates
sudo unattended-upgrades -d

#Enable Automatic installation of stable security updates
sudo dpkg-reconfigure unattended-upgrades

apt list –upgradable
Listing… Done
libdrm2/xenial-updates 2.4.83-1~16.04.1 amd64 [upgradable from: 2.4.76-1~ubuntu16.04.1]
python3-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.9.1-3]
python3-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.13.1-2ubuntu0.16.04.1]

shutdown -r now

sudo grep “cpu_insecure\|cpu_meltdown\|kaiser” /proc/cpuinfo && echo “patched :)” || echo “unpatched :(“

sudo grep “cpu_insecure\|cpu_meltdown\|kaiser” /proc/cpuinfo && echo “patched :)” || echo “unpatched :(”
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm invpcid_single kaiser fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat
patched 🙂

grep “cpu_insecure\|cpu_meltdown\|kaiser” /proc/cpuinfo && echo “patched :)” \
> || echo “unpatched :(”
unpatched 🙁

dmesg | grep isolation && echo “patched :)” || echo “unpatched :(”
[ 0.000000] Kernel/User page tables isolation: enabled
patched 🙂

sudo apt-get install linux-headers-4.4.0-109 linux-headers-4.4.0-109-generic linux-headers-generic linux-image-4.4.0-109-generic linux-image-extra-4.4.0-109-generic linux-image-generic linux-tools-4.4.0-109 linux-tools-4.4.0-109-generic linux-tools-generic
sudo shutdown -r now

dmesg | grep isolation && echo “patched :)” || echo “unpatched :(”
[ 0.000000] Kernel/User page tables isolation: enabled
patched 🙂

cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 62
model name : Intel(R) Xeon(R) CPU E5-2630L v2 @ 2.40GHz
stepping : 4
microcode : 0x1
cpu MHz : 2399.998
cache size : 15360 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl eagerfpu pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm kaiser vnmi ept fsgsbase tsc_adjust smep erms xsaveopt arat
bugs :
bogomips : 4799.99
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: