Red Hat Open-Sources Scanner That Checks Linux Binaries For Spectre V1 Potential
The great folks at Red Hat have open-sourced a new security checker that is able to scan compiled Linux x86_64 binaries to look for potential Spectre Variant One vulnerabilities.
While the Smatch static analysis tool has been useful for finding potential Spectre Variant One speculation vulnerabilities within the kernel's C code, that tool works off the kernel sources and is tailored to the kernel. With Red Hat's tool made public today, compiled Linux binaries can be analyzed for potential Spectre Variant One vulnerabilities.
Running this scanner just requires providing the path to the binary and a starting memory address inside the binary, which typically will be a syscall entry point. This scanner emulates the execution of the instructions and tracks the values in registers and memory while looking out for potential speculation.
Those wanting to learn more about this Spectre V1 Linux scanning tool can read today's announcement and download links via access.redhat.com.
While the Smatch static analysis tool has been useful for finding potential Spectre Variant One speculation vulnerabilities within the kernel's C code, that tool works off the kernel sources and is tailored to the kernel. With Red Hat's tool made public today, compiled Linux binaries can be analyzed for potential Spectre Variant One vulnerabilities.
Running this scanner just requires providing the path to the binary and a starting memory address inside the binary, which typically will be a syscall entry point. This scanner emulates the execution of the instructions and tracks the values in registers and memory while looking out for potential speculation.
Those wanting to learn more about this Spectre V1 Linux scanning tool can read today's announcement and download links via access.redhat.com.
2 Comments