peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-01 12:47:07 +02:00
Code Issues Projects Releases Wiki Activity
586 Commits 5 Branches 46 Tags
15ea90f3125c1832c524c271efc1660285c9f458
Commit Graph

525 Commits

Author SHA1 Message Date
github-actions[bot]
15ea90f312 enh: draft rework of CVE-2017-5753 aka spectre v1 
built from commit 4738e8f0ad
 dated 2026-04-01 00:22:07 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:23:17 +00:00
github-actions[bot]
5fd6a20ebb chore: readme: add a second table one about impact/mitigation, rework sections 
built from commit c20369d9e3899b03280bf72893956f36844bc969
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:09:49 +00:00
github-actions[bot]
e7df6a3e30 chore: readme: add a second table one about impact/mitigation 
built from commit 4f16822bb11f5b8461647c228a7f2087d5716aea
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:05:17 +00:00
github-actions[bot]
ba24551c56 chore: readme: add a second table one about impact/mitigation 
built from commit 25a7e7089a3c14f0b2d1320995b08d9d941d8c51
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:02:37 +00:00
github-actions[bot]
7c2699c01a chore: readme: add a second table one about impact/mitigation 
built from commit 3e969c94e04e48f8db9dbb5603371e1180a4d32a
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:53:12 +00:00
github-actions[bot]
6663b6422e chore: readme: add a second table one about impact/mitigation 
built from commit b74adb0957c471014dce284b2b6bf8cad85edf38
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:43:28 +00:00
github-actions[bot]
fe55c70658 chore: clearer CVE table in README.md 
built from commit 9bbefb7bae40c7c240641b3f714691a76976c9c0
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:01:37 +00:00
github-actions[bot]
d0822e1f9d chore: prepare for dev-build renaming to test-build 
built from commit 295324a545
 dated 2026-03-31 19:34:52 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 17:53:45 +00:00
github-actions[bot]
10e5b5749e chore: set VERSION when building 
built from commit efa07e7fd9
 dated 2026-03-30 23:46:13 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 22:22:20 +00:00
github-actions[bot]
4f7f83a40e chore: set VERSION when building 
built from commit 88099e12bf082112a1579e2cd37f010c29463e9d
 dated 2026-03-30 23:46:13 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:51:45 +00:00
github-actions[bot]
0f36203b5f chore: adjust workflow for dev-build 
built from commit 254f8ece6de39214c5e25694b0fea8c2ddfbf511
 dated 2026-03-30 21:24:34 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:08:41 +00:00
speed47
61cc0f3a35 update: fwdb from v347+i20251110+615b to v349+i20260227+615b, 50 microcode changes 2026-03-28 01:52:17 +00:00
Stéphane Lesimple
a20641fbad fix: handle non-numeric ARM CPU architecture values 
Some old ARM processors (e.g., ARM926EJ-S) report CPU architecture
with suffix in /proc/cpuinfo (e.g., "5TEJ" for ARMv5TEJ).

This caused an "integer expression expected" error when comparing
against numeric values. Extract the numeric prefix before integer comparisons.

Fixes #505.
 2026-01-25 12:57:41 +01:00
Stéphane Lesimple
d550ea8c85 fix: harmless 'dmesg: write error' that could happen on some systems 
Fixes #519.
 2026-01-25 11:53:13 +01:00
Stéphane Lesimple
8e33a1dbf2 fix: set cpu_* vars to a default value 
On ARM64 systems, /proc/cpuinfo uses different field names (CPU implementer,
CPU variant, CPU part, CPU revision) instead of x86-style fields (cpu family,
model, stepping). This left these variables empty, causing printf to fail
with 'invalid number' errors when formatting them as hex values.

Fixes #520.
 2026-01-25 11:38:50 +01:00
speed47
68b4617fd4 update: fwdb from v345+i20251110+4df2 to v347+i20251110+615b, 2 microcode changes 2026-01-01 11:48:36 +01:00
speed47
9fed5ceb33 update: fwdb from v344+i20250811+1523 to v345+i20251110+4df2, 45 microcode changes 2025-11-23 12:38:27 +01:00
Gabriel Francisco
a8466b74fe fix CVE-2017-5715 reporting when IBRS_FW is enabled 2025-10-27 08:42:51 +01:00
speed47
b99be2363c update: fwdb from v296+i20240514+988c to v344+i20250811+1523, 128 microcode changes 2025-10-26 22:08:07 +01:00
Stéphane Lesimple
c2c60e0161 chore: fix recent shellcheck warnings 2025-10-25 20:48:38 +02:00
Jörg Sommer
bae43d8370 Replace head -1 by head -n1 
The info page of GNU head says:

> For compatibility 'head' also supports an obsolete option syntax
> '-[NUM][bkm][cqv]', [...] Scripts intended for standard hosts should use
> '-c NUM' or '-n NUM' instead.

At least busybox's head does not support the `-NUM` syntax.
 2025-10-25 20:45:24 +02:00
Stéphane Lesimple
34c6095912 fix: Linux 6.9+ changed some config options names (#490) 
Issue #490 is about retpoline but other options have also changed,
as reported by a comment on the issue, this commit fixes these
other options:

Breno Leitao (10):
      x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE
      x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY       => CONFIG_MITIGATION_IBPB_ENTRY
      x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING  => CONFIG_MITIGATION_CALL_DEPTH_TRACKING
      x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
      x86/bugs: Rename CONFIG_RETPOLINE            => CONFIG_MITIGATION_RETPOLINE
      x86/bugs: Rename CONFIG_SLS                  => CONFIG_MITIGATION_SLS
      x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY      => CONFIG_MITIGATION_UNRET_ENTRY
      x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY       => CONFIG_MITIGATION_IBRS_ENTRY
      x86/bugs: Rename CONFIG_CPU_SRSO             => CONFIG_MITIGATION_SRSO
      x86/bugs: Rename CONFIG_RETHUNK              => CONFIG_MITIGATION_RETHUNK
 2024-08-04 15:15:45 +02:00
Ivan Zahariev
388d44edbd Fix Retpoline detection for Linux 6.9+ (issue #490) 2024-08-04 13:41:01 +02:00
Stéphane Lesimple
bd0c7c94b5 fix: typo introduced by #483, fixes #486 2024-05-18 13:01:48 +02:00
Stéphane Lesimple
d70e4c2974 fwdb: update to v296+i20240514+988c 2024-05-18 13:01:48 +02:00
Stéphane Lesimple
4e29fb5a21 fix: ucode_platformid_mask is hexa (fixes #485) 2024-02-15 17:27:12 +01:00
Stephane Lesimple
0f2edb1a71 feat: blacklist some more microcodes (fixes #475) 2024-01-09 18:54:39 +01:00
Stephane Lesimple
8ac2539a2a fix: microcode check now supports pf_mask (fixes #482) 2024-01-09 17:05:18 +01:00
Stéphane Lesimple
97f4d5f2bc feat(reptar): add detection and mitigation of Reptar 2024-01-09 15:38:16 +01:00
Stéphane Lesimple
9b7b09ada3 fix(inception): continued mitigation detection 2023-08-25 18:50:53 +02:00
Sébastien Mériot
c94811e63d fix(inception): Zen1/2 results based on kernel mitigations 2023-08-25 18:50:53 +02:00
Sébastien Mériot
ecee75716e feat(inception): kernel checks + sbpb support detection 2023-08-25 18:50:53 +02:00
Sébastien Mériot
fb6933dc64 feat(inception): Zen1/2 IBPB and SMT checks 2023-08-25 18:50:53 +02:00
Stéphane Lesimple
dc6921a1ac feat(inception): handle sysfs interface 2023-08-25 18:50:53 +02:00
Sébastien Mériot
3167762cfd feat(inception): start supporting AMD inception 2023-08-25 18:50:53 +02:00
Stéphane Lesimple
44223c5308 fix: bsd: kernel version detection 2023-08-11 18:41:35 +02:00
Stéphane Lesimple
dbe208fc48 enh: downfall: detect kernel mitigation without sysfs 2023-08-11 18:10:27 +02:00
Stéphane Lesimple
aca4e2a9b1 enh: move root warning to the bottom 2023-08-11 18:10:27 +02:00
Sébastien Mériot
c1c1ac4dbb feat(downfall): detection of the kernel mitigation relying on dmesg 2023-08-10 11:14:40 +02:00
Stéphane Lesimple
ba0daa6769 feat: downfall: add kernel soft mitigation support check 2023-08-10 11:14:40 +02:00
Sébastien Mériot
227c0aab1e feat(downfall): add downfall checks 2023-08-10 11:14:40 +02:00
Stéphane Lesimple
8ba3751cf7 fwdb: update to latest Intel ucode versions 2023-08-09 10:35:08 +02:00
Stéphane Lesimple
cbe8ba10ce fix: inteldb: cpuid 0x00090660 and 0x000A0680 2023-07-30 13:21:38 +02:00
Stéphane Lesimple
9c2587bca5 enh: when CPUID can't be read, built it by ourselves 2023-07-30 12:21:12 +02:00
Stéphane Lesimple
2a5ddc87bf feat: add Intel known affected processors DB 2023-07-30 12:21:12 +02:00
Stéphane Lesimple
2ef6c1c80e enh: factorize file download func 2023-07-28 20:03:16 +02:00
Stéphane Lesimple
3c224018f4 chore: update disclaimer and FAQ 2023-07-28 20:03:16 +02:00
Stéphane Lesimple
b8f8c81d51 release v0.46 2023-07-26 18:07:02 +02:00
Stéphane Lesimple
f34dd5fa7b enh: assume CPU is immune to Zenbleed regardless of vendor except AMD 
This contradicts our usual "if we don't know, consider vulnerable" motto,
but as this vuln is extremely specific (which is not the case for the Spectre
range of vulnerabilities, for example), this is the correct approach here.
 2023-07-26 17:54:44 +02:00
Stéphane Lesimple
c0869d7341 enh: zenbleed: give a manual mitigation in --explain 2023-07-26 16:38:02 +02:00