Meltdown: another PoC in the wild

Pavel Boldin published a new PoC exploit for the Meltdown vulnerability, written in C and working on Linux.

“Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache.”

Can only dump linux_proc_banner at the moment, since it requires the accessed memory to be in the cache, and linux_proc_banner is cached on every read from /proc/version. Might work with prefetch.

Build and run

Build with make, run with ./

Can’t defeat KASLR yet, so you may need to enter your password to find linux_proc_banner in /proc/kallsyms (or do it manually).

If it compiles but fails with Illegal instruction then either your hardware is very old or it is a VM. Try compiling with:

$ make CFLAGS=-DHAVE_RDTSCP=0 clean all
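Before building anything, the check a defender wants is whether the host is already mitigated and whether its CPU exposes the RDTSCP instruction that the default build relies on. The script below is an added example, not part of the original post or of Pavel Boldin's PoC; it reads the kernel's own verdict from the sysfs vulnerabilities file (present since Linux 4.15) and scans /proc/cpuinfo for the `rdtscp` and `pti` flags. The file paths can be overridden by argument so the functions can also be exercised on constructed input.

```shell
#!/bin/sh
# Added example (not from the post or the PoC): report a Linux host's
# Meltdown mitigation status and whether the CPU advertises RDTSCP.

# Print the kernel's verdict on Meltdown. Argument 1 overrides the sysfs
# path (used for testing on constructed files); default is the real file.
meltdown_status() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}"
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo "unknown (no $f; kernel predates the vulnerabilities interface)"
    fi
}

# Return 0 if the given flag appears on the first "flags" line of cpuinfo.
# Argument 2 overrides the cpuinfo path (defaults to /proc/cpuinfo).
cpu_has_flag() {
    flag="$1"
    f="${2:-/proc/cpuinfo}"
    [ -r "$f" ] || return 1
    grep -m1 '^flags' "$f" | tr ' ' '\n' | grep -qx "$flag"
}

# Reduce the sysfs text to one word: mitigated / vulnerable / not-affected / unknown.
classify_meltdown() {
    case "$(meltdown_status "$1")" in
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        "Not affected"*) echo not-affected ;;
        *)               echo unknown ;;
    esac
}

main() {
    echo "Meltdown status: $(meltdown_status)  [$(classify_meltdown)]"
    if cpu_has_flag rdtscp; then
        echo "rdtscp: present (the PoC's default build can use it)"
    else
        echo "rdtscp: absent (README suggests: make CFLAGS=-DHAVE_RDTSCP=0 clean all)"
    fi
    if cpu_has_flag pti; then
        echo "pti: kernel page-table isolation is active on this host"
    fi
}

main "$@"
```

On an unpatched 4.14 kernel the sysfs file is missing, so the script reports `unknown`; treat that the same as `vulnerable` when triaging, since only kernels carrying the KPTI work also carry the reporting interface.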

Pandora’s box is open.

Vulnerable CPUs list

Here is the list (continuously updated):

More information and download
