1db12cd347
update: fwdb from v349+i20260512+1cce to v350+i20260512+1cce, 8 microcode changes ( #578 )
...
built from commit 44ba92635f218502+speed47@users.noreply.github.com >
2026-06-03 12:08:36 +00:00
c107f2b2ea
fix: arm64: collapse per-core CPU info lists to a single line ( #576 )
...
built from commit 7d9345a32fspeed47_github@speed47.net )
Store the per-core implementer/part/arch/variant/revision lists
space-separated (no embedded newlines, which also cleans up JSON and
prometheus output) and dedup them for the human-readable display, so
homogeneous systems show e.g. "0x41" instead of repeating it per core.
2026-06-02 19:30:28 +02:00
68116d87fd
update: fwdb from v349+i20260227+615b to v349+i20260512+1cce, 19 microcode changes
...
built from commit 645a79846b
2026-06-01 20:58:15 +00:00
c060a2d2c9
Merge pull request #571 from speed47/test
...
built from commit 0045d237faspeed47_github@speed47.net )
Prepare next release
2026-06-01 20:46:12 +00:00
fe0d3f49f4
Merge pull request #566 from speed47/test
...
built from commit 3e2b6cc734speed47_github@speed47.net )
Prepare release v26.33.0420xxx
2026-04-20 11:04:05 +00:00
ea6b8efd18
fix: add rebleet to --variant
...
built from commit 7a7408d124speed47_github@speed47.net )
2026-04-04 16:23:18 +00:00
24d92540a7
enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI)
...
built from commit cccb3c0081speed47_github@speed47.net )
2026-04-04 16:08:25 +00:00
553a9ec60f
Merge pull request #532 from speed47/test
...
built from commit 6fac2d8ff1speed47_github@speed47.net )
Retbleed / Downfall overhald / doc updates
2026-04-02 21:33:46 +00:00
931c955765
Merge pull request #530 from speed47/test
...
built from commit d3c0f1a24dspeed47_github@speed47.net )
chore: workflows revamp
2026-04-02 16:50:52 +00:00
c5ef0c488a
Merge branch 'test' into source
...
built from commit 952fe6a87fspeed47_github@speed47.net )
2026-04-02 16:41:33 +00:00
99301d1cbb
chore: add stalebot in dryrun
...
built from commit afadf53f7fspeed47_github@speed47.net )
2026-04-02 13:33:36 +02:00
f9c3d19f72
enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode
...
built from commit e5c6d2d905speed47_github@speed47.net )
2026-04-01 21:30:51 +00:00
8389d9593c
chore: prepare for dev-build renaming to test-build
...
built from commit 9497abbee2723cedc561b6b785fe01fbe965ec1c
dated 2026-03-31 19:34:52 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-04-01 21:30:51 +00:00
61cc0f3a35
update: fwdb from v347+i20251110+615b to v349+i20260227+615b, 50 microcode changes
2026-03-28 01:52:17 +00:00
a20641fbad
fix: handle non-numeric ARM CPU architecture values
...
Some old ARM processors (e.g., ARM926EJ-S) report CPU architecture
with suffix in /proc/cpuinfo (e.g., "5TEJ" for ARMv5TEJ).
This caused an "integer expression expected" error when comparing
against numeric values. Extract the numeric prefix before integer comparisons.
Fixes #505 .
2026-01-25 12:57:41 +01:00
d550ea8c85
fix: harmless 'dmesg: write error' that could happen on some systems
...
Fixes #519 .
2026-01-25 11:53:13 +01:00
8e33a1dbf2
fix: set cpu_* vars to a default value
...
On ARM64 systems, /proc/cpuinfo uses different field names (CPU implementer,
CPU variant, CPU part, CPU revision) instead of x86-style fields (cpu family,
model, stepping). This left these variables empty, causing printf to fail
with 'invalid number' errors when formatting them as hex values.
Fixes #520 .
2026-01-25 11:38:50 +01:00
68b4617fd4
update: fwdb from v345+i20251110+4df2 to v347+i20251110+615b, 2 microcode changes
2026-01-01 11:48:36 +01:00
9fed5ceb33
update: fwdb from v344+i20250811+1523 to v345+i20251110+4df2, 45 microcode changes
2025-11-23 12:38:27 +01:00
a8466b74fe
fix CVE-2017-5715 reporting when IBRS_FW is enabled
2025-10-27 08:42:51 +01:00
b99be2363c
update: fwdb from v296+i20240514+988c to v344+i20250811+1523, 128 microcode changes
2025-10-26 22:08:07 +01:00
c2c60e0161
chore: fix recent shellcheck warnings
2025-10-25 20:48:38 +02:00
bae43d8370
Replace head -1 by head -n1
...
The info page of GNU head says:
> For compatibility 'head' also supports an obsolete option syntax
> '-[NUM][bkm][cqv]', [...] Scripts intended for standard hosts should use
> '-c NUM' or '-n NUM' instead.
At least busybox's head does not support the `-NUM` syntax.
2025-10-25 20:45:24 +02:00
34c6095912
fix: Linux 6.9+ changed some config options names ( #490 )
...
Issue #490 is about retpoline but other options have also changed,
as reported by a comment on the issue, this commit fixes these
other options:
Breno Leitao (10):
x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE
x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY => CONFIG_MITIGATION_IBPB_ENTRY
x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING => CONFIG_MITIGATION_CALL_DEPTH_TRACKING
x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE
x86/bugs: Rename CONFIG_SLS => CONFIG_MITIGATION_SLS
x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY => CONFIG_MITIGATION_UNRET_ENTRY
x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY => CONFIG_MITIGATION_IBRS_ENTRY
x86/bugs: Rename CONFIG_CPU_SRSO => CONFIG_MITIGATION_SRSO
x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK
2024-08-04 15:15:45 +02:00
388d44edbd
Fix Retpoline detection for Linux 6.9+ (issue #490 )
2024-08-04 13:41:01 +02:00
bd0c7c94b5
fix: typo introduced by #483 , fixes #486
2024-05-18 13:01:48 +02:00
d70e4c2974
fwdb: update to v296+i20240514+988c
2024-05-18 13:01:48 +02:00
4e29fb5a21
fix: ucode_platformid_mask is hexa ( fixes #485 )
2024-02-15 17:27:12 +01:00
0f2edb1a71
feat: blacklist some more microcodes ( fixes #475 )
2024-01-09 18:54:39 +01:00
8ac2539a2a
fix: microcode check now supports pf_mask ( fixes #482 )
2024-01-09 17:05:18 +01:00
97f4d5f2bc
feat(reptar): add detection and mitigation of Reptar
2024-01-09 15:38:16 +01:00
9b7b09ada3
fix(inception): continued mitigation detection
2023-08-25 18:50:53 +02:00
c94811e63d
fix(inception): Zen1/2 results based on kernel mitigations
2023-08-25 18:50:53 +02:00
ecee75716e
feat(inception): kernel checks + sbpb support detection
2023-08-25 18:50:53 +02:00
fb6933dc64
feat(inception): Zen1/2 IBPB and SMT checks
2023-08-25 18:50:53 +02:00
dc6921a1ac
feat(inception): handle sysfs interface
2023-08-25 18:50:53 +02:00
3167762cfd
feat(inception): start supporting AMD inception
2023-08-25 18:50:53 +02:00
44223c5308
fix: bsd: kernel version detection
2023-08-11 18:41:35 +02:00
dbe208fc48
enh: downfall: detect kernel mitigation without sysfs
2023-08-11 18:10:27 +02:00
aca4e2a9b1
enh: move root warning to the bottom
2023-08-11 18:10:27 +02:00
c1c1ac4dbb
feat(downfall): detection of the kernel mitigation relying on dmesg
2023-08-10 11:14:40 +02:00
ba0daa6769
feat: downfall: add kernel soft mitigation support check
2023-08-10 11:14:40 +02:00
227c0aab1e
feat(downfall): add downfall checks
2023-08-10 11:14:40 +02:00
8ba3751cf7
fwdb: update to latest Intel ucode versions
2023-08-09 10:35:08 +02:00
cbe8ba10ce
fix: inteldb: cpuid 0x00090660 and 0x000A0680
2023-07-30 13:21:38 +02:00
9c2587bca5
enh: when CPUID can't be read, built it by ourselves
2023-07-30 12:21:12 +02:00
2a5ddc87bf
feat: add Intel known affected processors DB
2023-07-30 12:21:12 +02:00
2ef6c1c80e
enh: factorize file download func
2023-07-28 20:03:16 +02:00
3c224018f4
chore: update disclaimer and FAQ
2023-07-28 20:03:16 +02:00
b8f8c81d51
release v0.46
2023-07-26 18:07:02 +02:00
github-actions[bot]
speed47
Stéphane Lesimple
Gabriel Francisco
Jörg Sommer
Ivan Zahariev
Stephane Lesimple
Sébastien Mériot