From 6663b6422e027325d3c1771f3e6f6083862132d4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 31 Mar 2026 21:43:28 +0000
Subject: [PATCH] chore: readme: add a second table one about impact/mitigation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

 built from commit b74adb0957c471014dce284b2b6bf8cad85edf38
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
---
 README.md                   | 82 ++++++++++++++++++++++++++-----------
 spectre-meltdown-checker.sh |  2 +-
 2 files changed, 60 insertions(+), 24 deletions(-)

diff --git a/README.md b/README.md
index 26c73cb..4cf7eba 100644
--- a/README.md
+++ b/README.md
@@ -3,29 +3,65 @@ Spectre & Meltdown Checker
 
 A shell script to assess your system's resilience against the several [transient execution](https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability) CVEs that were published since early 2018, and give you guidance as to how to mitigate them.
 
-CVE | Name | Aliases | Impact | Mitigation
---- | ---- | ------- | ------ | ----------
-[CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753) | Bounds Check Bypass | Spectre V1 | Kernel & userspace | Recompile everything with LFENCE
-[CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715) | Branch Target Injection | Spectre V2 | Kernel | Microcode + kernel update (or retpoline)
-[CVE-2017-5754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754) | Rogue Data Cache Load | Meltdown | Kernel | Kernel update
-[CVE-2018-3640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640) | Rogue System Register Read | Variant 3a | Kernel | Microcode update
-[CVE-2018-3639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639) | Speculative Store Bypass | Variant 4, SSB | JIT software | Microcode + kernel update
-[CVE-2018-3615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615) | L1 Terminal Fault | Foreshadow (SGX) | SGX enclaves | Microcode update
-[CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620) | L1 Terminal Fault | Foreshadow-NG (OS/SMM) | Kernel | Kernel update
-[CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646) | L1 Terminal Fault | Foreshadow-NG (VMM) | Hypervisors | Kernel update (or disable EPT/SMT)
-[CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126) | Microarchitectural Store Buffer Data Sampling | MSBDS, Fallout | Kernel | Microcode + kernel update
-[CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130) | Microarchitectural Fill Buffer Data Sampling | MFBDS, ZombieLoad | Kernel | Microcode + kernel update
-[CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127) | Microarchitectural Load Port Data Sampling | MLPDS, RIDL | Kernel | Microcode + kernel update
-[CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091) | Microarchitectural Data Sampling Uncacheable Memory | MDSUM, RIDL | Kernel | Microcode + kernel update
-[CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX Asynchronous Abort | TAA, ZombieLoad V2 | Kernel | Microcode + kernel update
-[CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207) | Machine Check Exception on Page Size Changes | iTLB Multihit, No eXcuses | Hypervisors | Hypervisor update (or disable hugepages)
-[CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543) | Special Register Buffer Data Sampling | SRBDS, CROSSTalk | Kernel & userspace | Microcode + kernel update
-[CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling | Downfall, GDS | Kernel & userspace | Microcode update (or disable AVX)
-[CVE-2023-20569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569) | Return Address Security | Inception, SRSO | Kernel & userspace | Microcode + kernel update
-[CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak | Zenbleed | Kernel & userspace | Microcode update (or kernel workaround)
-[CVE-2023-23583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583) | Redundant Prefix Issue | Reptar | Kernel & userspace | Microcode update
-[CVE-2024-36350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350) | Transient Scheduler Attack, Store Queue | TSA-SQ | Kernel & userspace | Microcode + kernel update
-[CVE-2024-36357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357) | Transient Scheduler Attack, L1 | TSA-L1 | Kernel & userspace | Microcode + kernel update
+CVE | Name | Aliases
+--- | ---- | -------
+[CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753) | Bounds Check Bypass | Spectre V1
+[CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715) | Branch Target Injection | Spectre V2
+[CVE-2017-5754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754) | Rogue Data Cache Load | Meltdown
+[CVE-2018-3640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640) | Rogue System Register Read | Variant 3a
+[CVE-2018-3639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639) | Speculative Store Bypass | Variant 4, SSB
+[CVE-2018-3615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615) | L1 Terminal Fault | Foreshadow (SGX)
+[CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620) | L1 Terminal Fault | Foreshadow-NG (OS/SMM)
+[CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646) | L1 Terminal Fault | Foreshadow-NG (VMM)
+[CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126) | Microarchitectural Store Buffer Data Sampling | MSBDS, Fallout
+[CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130) | Microarchitectural Fill Buffer Data Sampling | MFBDS, ZombieLoad
+[CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127) | Microarchitectural Load Port Data Sampling | MLPDS, RIDL
+[CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091) | Microarchitectural Data Sampling Uncacheable Memory | MDSUM, RIDL
+[CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX Asynchronous Abort | TAA, ZombieLoad V2
+[CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207) | Machine Check Exception on Page Size Changes | iTLB Multihit, No eXcuses
+[CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543) | Special Register Buffer Data Sampling | SRBDS, CROSSTalk
+[CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling | Downfall, GDS
+[CVE-2023-20569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569) | Return Address Security | Inception, SRSO
+[CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak | Zenbleed
+[CVE-2023-23583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583) | Redundant Prefix Issue | Reptar
+[CVE-2024-36350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350) | Transient Scheduler Attack, Store Queue | TSA-SQ
+[CVE-2024-36357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357) | Transient Scheduler Attack, L1 | TSA-L1
+
+## Am I at risk?
+
+Depending on your situation, the table below answers whether an attacker in a given position can extract data from a given target.
+The "Userland → Kernel" column also applies within a VM (VM userland vs. VM kernel), since the same CPU mechanisms are at play regardless of virtualization.
+
+Vulnerability | Userland → Kernel | Userland → Userland | VM → Host | VM → VM
+------------ | :---------------: | :-----------------: | :-------: | :-----:
+CVE-2017-5753 (Spectre V1) | 💥 | 💥 | 💥 | 💥
+CVE-2017-5715 (Spectre V2) | 💥 | 💥 | 💥 | 💥
+CVE-2017-5754 (Meltdown) | 💥 | ✅ | ✅ | ✅
+CVE-2018-3640 (Variant 3a) | 💥 | ✅ | ✅ | ✅
+CVE-2018-3639 (Variant 4, SSB) | ✅ | 💥 | ✅ | ✅
+CVE-2018-3615 (Foreshadow, SGX) | ✅ | ✅ | ✅ | ✅
+CVE-2018-3620 (Foreshadow-NG, OS/SMM) | 💥 | ✅ | ✅ | ✅
+CVE-2018-3646 (Foreshadow-NG, VMM) | ✅ | ✅ | 💥 | 💥
+CVE-2018-12126 (MSBDS, Fallout) | 💥 | 💥 † | 💥 | 💥 †
+CVE-2018-12130 (MFBDS, ZombieLoad) | 💥 | 💥 † | 💥 | 💥 †
+CVE-2018-12127 (MLPDS, RIDL) | 💥 | 💥 † | 💥 | 💥 †
+CVE-2019-11091 (MDSUM, RIDL) | 💥 | 💥 † | 💥 | 💥 †
+CVE-2019-11135 (TAA, ZombieLoad V2) | 💥 | 💥 † | 💥 | 💥 †
+CVE-2018-12207 (iTLB Multihit, No eXcuses) | ✅ | ✅ | ☠️ | ✅
+CVE-2020-0543 (SRBDS, CROSSTalk) | 💥 ‡ | 💥 ‡ | 💥 ‡ | 💥 ‡
+CVE-2022-40982 (Downfall, GDS) | 💥 | 💥 | 💥 | 💥
+CVE-2023-20569 (Inception, SRSO) | 💥 | ✅ | 💥 | ✅
+CVE-2023-20593 (Zenbleed) | 💥 | 💥 | 💥 | 💥
+CVE-2023-23583 (Reptar) | ☠️ | ☠️ | ☠️ | ☠️
+CVE-2024-36350 (TSA-SQ) | 💥 | 💥 † | 💥 | 💥 †
+CVE-2024-36357 (TSA-L1) | 💥 | 💥 † | 💥 | 💥 †
+
+> 💥 Data can be leaked across this boundary.
+> ✅ Not affected in this scenario.
+> ☠️ Denial of service (system crash or unpredictable behavior), no data leak.
+> † Cross-process leakage requires SMT (Hyper-Threading) to be active — attacker and victim must share a physical core.
+> ‡ Only leaks RDRAND/RDSEED output, not arbitrary memory; still allows recovering cryptographic material from any victim.
+> CVE-2018-3615 (Foreshadow SGX) inverts the normal trust model: the OS reads SGX enclave data. It is irrelevant unless the system runs SGX enclaves, and the attacker must already have OS-level access.
 
 <details>
 <summary>Detailed CVE descriptions</summary>
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index fd79b45..0444635 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -13,7 +13,7 @@
 #
 # Stephane Lesimple
 #
-VERSION='26.21.0331873'
+VERSION='26.21.0331902'
 
 # --- Common paths and basedirs ---
 readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"