peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-07 09:13:20 +02:00
Code Issues Projects Releases Wiki Activity
664 Commits 5 Branches 48 Tags
36263edc5a937db141d36462044c2c418743b46d
Commit Graph

664 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stéphane Lesimple
36263edc5a fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) 2026-04-06 14:05:21 +02:00
Stéphane Lesimple
0e440cbac6 enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) 
AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing
cross-process Spectre attacks even with IBPB-on-entry active. The kernel
fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs.
Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret
bug flag, and flag systems relying on IBPB without the RSB fill fix.
 2026-04-06 14:05:21 +02:00
Stéphane Lesimple
bf6289adfb fix: don't default to 0x0 ucode when unknown 2026-04-06 14:05:21 +02:00
Stéphane Lesimple
e2eba83ce8 fix: bsd: use proper MSR for AMD in ucode version read fallback 2026-04-06 02:43:34 +02:00
Stéphane Lesimple
96c696e313 enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) 2026-04-06 02:43:34 +02:00
Stéphane Lesimple
485e2d275b doc: add CVE-2021-26318 (ADM Prefetch) to unsupported list 2026-04-06 02:43:34 +02:00
Stéphane Lesimple
786bc86be8 feat: implement CVE-2023-28746 (RFDS, Register File Data Sampling) 2026-04-06 02:43:34 +02:00
Stéphane Lesimple
9288a8295d feat: add SLS (Straight-Line Speculation) check with --extra option 2026-04-06 02:43:34 +02:00
Stéphane Lesimple
7a7408d124 fix: add rebleet to --variant 2026-04-04 16:22:05 +00:00
Stéphane Lesimple
cccb3c0081 enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
090f109c52 doc: add CVE-2023-31315 (SinkClose) to the unsupported list, add categories 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
5dc9c3c18d chore: reorder CVE list in README.md 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
a00fab131f feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
e0b818f8fa chore: stalebot: disable dryrun by default 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
4af11551ba feat: implement CVE-2024-28956 (ITS, Indirect Target Selection) vulnerability and mitigation detection 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
dfed6f35c5 doc: add note about more unsupported CVEs 
CVE-2020-12965 - Transient Execution of Non-Canonical Accesses (SLAM)
CVE-2024-7881 - ARM Prefetcher Privilege Escalation
CVE-2024-56161 - EntrySign (AMD Microcode Signature Bypass)
CVE-2025-20623 - Shared Microarchitectural Predictor State (10th Gen Intel)
CVE-2025-24495 - Lion Cove BPU Initialization
CVE-2025-29943 - StackWarp (AMD SEV-SNP)
 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
1652977f47 add a generated version of src/libs/003_intel_models.sh 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
a089ae8cef fix: sys_interface_check() must set the caller's $msg var (closes #533) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
cc6bbaad19 chore: don't include src/ generated files in build 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
2717b0a4be doc: CVE-2020-12965 unsupported (#478) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
6fac2d8ff1 Merge pull request #532 from speed47/test 
Retbleed / Downfall overhald / doc updates
 2026-04-02 21:32:39 +00:00
Stéphane Lesimple
ae5493257e doc: CVE-2018-3693 CVE-2019-1125 CVE-2019-15902 unsupported or already included 2026-04-02 23:22:31 +02:00
Stéphane Lesimple
47e202100a doc: CVE-2018-15572 is already implemented along Spectre V2 2026-04-02 23:12:29 +02:00
Stéphane Lesimple
0edb357894 doc: CVE-2018-9056 is out of scope (closes #169) 2026-04-02 22:58:45 +02:00
Stéphane Lesimple
ed6a0a2882 doc: unsupported CVE list 2026-04-02 22:51:55 +02:00
Stéphane Lesimple
86e0fae48a enh: group results by 4 in the summary line at the end of the run 2026-04-02 22:45:08 +02:00
Stéphane Lesimple
cb3b9a37fa enh: rework VERSION adjust when we're cloned 2026-04-02 22:33:48 +02:00
Stéphane Lesimple
b9f75346d4 enh: auto-generate intel model list 2026-04-02 22:33:48 +02:00
Stéphane Lesimple
4f6dbb36c8 feat: implement Retbleed (CVE-2022-29900 CVE-2022-29901) mitigation detection 2026-04-02 22:33:48 +02:00
Stéphane Lesimple
d644941a76 chore: update dev doc with check_CVE_* header exception 2026-04-02 22:09:09 +02:00
Stéphane Lesimple
3ea8e213ec chore: add proper header to all src/vulns/* files 2026-04-02 21:03:29 +02:00
Stéphane Lesimple
5e3033e2f5 enh: CVE-2022-40982 (Downfall) overhaul & Spectre V2 enhancements 
Downfall:

- added `--kernel-config` support for all three Kconfig variants seen over all kernel versions up to now
- added `--kernel-map` support for `gds_select_mitigation` in `System.map`
- fixed the `--sysfs-only` mode
- added verbose information about remediation when `--explain` is used
- implemented `--paranoid mode`, requiring `GDS_MITIGATION_LOCKED` so that mitigation can't be disabled at runtime
- fixed offline mode (was wrongly looking at the system `dmesg`)
- better microcode status reporting (enabled, disabled, unsupported, unknown)
- fixed unknown (EOL) AVX-capable Intel family 6 CPUs now defaulting to affected
- fixed 2 missing known affected CPU models: INTEL_FAM6_SKYLAKE_L and INTEL_FAM6_SKYLAKE
- fixed case when we're running in a VM and the hypervisor doesn't let us read the MSR

Spectre V2:
- fix: affected_cpu: added Centaur family 7 (CentaurHauls) and Zhaoxin family 7 (Shanghai) as immune
- fix: added Centaur family 5 (CentaurHauls) and NSC family 5 (Geode by NSC) to is_cpu_specex_free()
- enh: offline mode: added detection logic by probing System.map and Kconfig
 2026-04-02 21:00:30 +02:00
Stéphane Lesimple
37204869f8 chore: update dev guidelines 2026-04-02 19:55:07 +02:00
Stéphane Lesimple
d3c0f1a24d Merge pull request #530 from speed47/test 
chore: workflows revamp
 2026-04-02 16:49:41 +00:00
Stéphane Lesimple
c799974038 chore: build: also add new files, handle github workflows 2026-04-02 18:47:00 +02:00
Stéphane Lesimple
0974871a6c chore: build: also add new files 2026-04-02 18:43:51 +02:00
Stéphane Lesimple
952fe6a87f Merge branch 'test' into source 2026-04-02 18:40:05 +02:00
Stéphane Lesimple
5e2af29e6a chore: conditional workflows on all branches 2026-04-02 18:37:46 +02:00
Stéphane Lesimple
afadf53f7f chore: add stalebot in dryrun 2026-04-02 11:15:36 +00:00
Stéphane Lesimple
5fc008f2d4 chore: add stalebot in dryrun 2026-04-02 13:13:19 +02:00
Stéphane Lesimple
e5c6d2d905 enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode 2026-04-01 20:37:54 +00:00
Stéphane Lesimple
ac327ce7c5 chore: shellcheck fixes 2026-04-01 20:10:29 +00:00
Stéphane Lesimple
03f63714b5 fix: CVE-2023-20569: logic errors with kernel_sro type change (bool => str) 2026-04-01 19:58:20 +00:00
Stéphane Lesimple
08702b07c9 fix: bad kernel/config var names 2026-04-01 19:53:34 +00:00
Stéphane Lesimple
4718134427 chore: cap_ipred unused for now, make shellcheck happy 2026-04-01 21:37:56 +02:00
Stéphane Lesimple
e23712129d enh: rework is_cpu_affected() to enhance maintainability 2026-04-01 21:36:45 +02:00
Stéphane Lesimple
43c515ac74 enh: CVE-2017-5715 (spectre v2): make vuln assessment cap_bhi-aware 2026-04-01 21:34:12 +02:00
Stéphane Lesimple
8c3fb7b2cc enh: CVE-2024-36357 CVE-2024-36350 (TSA): inventory of sysfs strings + consider vuln if TSA mitigation forced to user/kernel on hypervisors 2026-04-01 21:12:23 +02:00
Stéphane Lesimple
d05601ed3f feat: add CVE-2023-20593 (Zenbleed) mitigation detection for BSD 2026-04-01 21:12:23 +02:00
Stéphane Lesimple
690725ccc1 enh: add BSD stubs for CVE-2022-40982 CVE-2023-20569 CVE-2023-23583, detecting unaffected CPUs 2026-04-01 21:12:23 +02:00