Meltdown: another PoC in the wild

Pavel Boldin published a new PoC exploit of Meltdown vulnerability working on Linux, written in C.

“Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache.”

Can only dump linux_proc_banner at the moment, since requires accessed memory to be in cache and linux_proc_banner is cached on every read from /proc/version. Might work with prefetch.


Build and run

Build with make, run with ./run.sh.

Can’t defeat KASLR yet, so you may need to enter your password to find linux_proc_banner in the /proc/kallsyms (or do it manually).

If it compiles but fails with Illegal instruction then either your hardware is very old or it is a VM. Try compiling with:

$ make CFLAGS=-DHAVE_RDTSCP=0 clean all

Pandora’s box is open.


Vulnerable CPUs list

Here the list (continuosly updated): https://github.com/paboldin/meltdown-exploit/issues/19


More information and download

Related posts

  1. Beware! A simple wallpaper image can brick your Android device
  2. Weekly Cybersecurity Roundup #9
  3. Thunderspy: a Thunderbolt security flaw that affects all systems released before 2019
  4. “Psychic Paper”: an amazingly simple iOS sandbox escape exploit
  5. Weekly Tech Roundup #5