spectre-meltdown-checker 命令

常用示例

说明

spectre-meltdown-checker detects CPU vulnerabilities and verifies mitigations for Spectre, Meltdown, and related speculative execution attacks. It operates in live mode (analyzing the running kernel) or offline mode (inspecting kernel files). The tool checks for various vulnerability variants including Spectre v1/v2, Meltdown (v3), SSB (v4), L1TF, MDS variants (MSBDS, MFBDS, MLPDS), TAA, and others. It reports vulnerability status and whether proper mitigations are in place.

参数

--kernel _file_

Specify kernel image file to check

--config _file_

Specify kernel configuration file

--map _file_

Specify System.map file

--live

Force live mode when files are specified

--variant _variant_

Check specific vulnerability variant (repeatable)

--cve _cve_

Check specific CVE (repeatable)

--explain

Provide human-readable mitigation explanations

--batch _format_

Machine-readable output: text, short, json, nrpe, prometheus

--no-color

Disable color output

-v, --verbose

Increase verbosity (repeatable)

--paranoid

Apply stricter mitigation criteria

--hw-only

Check CPU information only

--no-sysfs

Skip /sys interface

--sysfs-only

Use only /sys interface

--update-fwdb

Update local CPU microcode database