From ed6a0a288211e8e66d2bd92395b44aef37001e12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Thu, 2 Apr 2026 22:51:55 +0200 Subject: [PATCH] doc: unsupported CVE list --- UNSUPPORTED_CVE_LIST.md | 2 +- dist/README.md | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 194b64b..13f8a73 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -1,6 +1,6 @@ # Unsupported CVEs -This document lists transient execution CVEs that have been evaluated and determined to be **out of scope** for this tool. See the "CVE Inclusion Criteria" section in [DEVELOPMENT.md](DEVELOPMENT.md) for the general policy. +This document lists transient execution CVEs that have been evaluated and determined to be **out of scope** for this tool. See the [Which rules are governing the support of a CVE in this tool?](dist/FAQ.md#which-rules-are-governing-the-support-of-a-cve-in-this-tool) section in the FAQ for the general policy. ## CVE-2024-36348 — AMD Transient Scheduler Attack (UMIP bypass) diff --git a/dist/README.md b/dist/README.md index 4c735c9..7643ef6 100644 --- a/dist/README.md +++ b/dist/README.md @@ -167,6 +167,13 @@ On AMD Zen 3 and Zen 4 processors, the CPU's transient scheduler may speculative +## Unsupported CVEs + +Several transient execution CVEs are not covered by this tool, for various reasons (duplicates, only +affecting non-supported hardware or OS, theoretical with no known exploitation, etc.). +The complete list along with the reason for each exclusion is available in the +[UNSUPPORTED_CVE_LIST.md](https://github.com/speed47/spectre-meltdown-checker/blob/source/UNSUPPORTED_CVE_LIST.md) file. + ## Scope Supported operating systems: