peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-22 16:43:20 +02:00
Code Issues Projects Releases Wiki Activity
651 Commits 6 Branches 49 Tags
440424f52483bb3b597e65817f358aad64a6100b
Commit Graph

651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
440424f524 doc: readme: correct markdown indentation for unordered list items (#569) 
built from commit 8a417e5579
 dated 2026-04-21 00:02:47 +0800
 by 林博仁 Buo-ren Lin (Buo.Ren.Lin@gmail.com)

 Signed-off-by: 林博仁(Buo-ren Lin) <buo.ren.lin@gmail.com>
 2026-04-20 16:05:45 +00:00
github-actions[bot]
b7b0efa773 doc: add Jump Conditional Code (JCC) Erratum to the unsupported list 
built from commit b7a6182a65
 dated 2026-04-20 17:47:50 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-20 15:49:22 +00:00
github-actions[bot]
cf156a2ee5 doc: update output formats doc + normalize json to bool 
built from commit e2d110a3b5
 dated 2026-04-20 12:47:43 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-20 10:56:59 +00:00
github-actions[bot]
4eb0d04808 chore: remove from test branch workflows that must live on master 
built from commit 1bb33d5cf2
 dated 2026-04-20 12:53:36 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-20 10:55:20 +00:00
github-actions[bot]
50845adbfb doc: CVE-2018-3665 (Lazy FP State Restore (LazyFP)), unsupported 
built from commit 6732eb141b
 dated 2026-04-19 12:49:17 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-19 10:50:48 +00:00
github-actions[bot]
7eaa794980 enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505) 
built from commit 048ce5b6a2
 dated 2026-04-18 10:56:21 +0000
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-18 15:20:22 +00:00
github-actions[bot]
7e5eee74ac fix: remove useless checks under ARM for CVE-2023-28746 
built from commit 48454a5344
 dated 2026-04-10 19:50:15 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-10 17:51:49 +00:00
github-actions[bot]
9bef6ec533 enh: use g_mode to explicitly save/load the current running mode 
built from commit e67c9e4265
 dated 2026-04-10 19:26:46 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-10 17:29:38 +00:00
github-actions[bot]
f587d9355e enh: guard x86/arm specific checks in kernel/cpu for the proper arch 
built from commit c64d4bb481
 dated 2026-04-10 18:37:32 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-10 16:40:49 +00:00
github-actions[bot]
83be8fd544 chore: fix build workflow 
built from commit de853fc801
 dated 2026-04-08 23:00:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-08 21:02:02 +00:00
Stéphane Lesimple
9383287fc6 chore: delete FAQ.md from ./ in test-build (moved to doc/ in test) 2026-04-08 20:18:32 +00:00
github-actions[bot]
a2823830a6 chore: create doc/ in -build branch 
built from commit 2b1389e5c667a3c10c8e47fca7cb14d81695165c
 dated 2026-04-08 21:57:03 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-08 20:10:38 +00:00
github-actions[bot]
6212de226a enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable 
built from commit 954eb13468
 dated 2026-04-06 18:58:36 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 cap_* variable <= cpuinfo flag

cap_ibrs              <= ibrs
cap_ibpb              <= ibpb
cap_stibp             <= stibp
cap_ssbd              <= ssbd / virt_ssbd
cap_l1df              <= flush_l1d
cap_md_clear          <= md_clear
cap_arch_capabilities <= arch_capabilities

Should fix #288
 2026-04-06 17:00:15 +00:00
github-actions[bot]
f8873048fc enh: read/write_msr: clearer error messages 
built from commit be91749d3a
 dated 2026-04-06 18:43:36 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 16:44:52 +00:00
github-actions[bot]
463e33d61c fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235) 
built from commit d040c0ffc3
 dated 2026-04-06 17:40:59 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 15:42:13 +00:00
github-actions[bot]
4d1af90420 fix: better compatibility under busybox, silence buggy unzlma versions (fix #432) 
built from commit fc34cb729b
 dated 2026-04-06 17:12:21 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 15:14:01 +00:00
github-actions[bot]
e8a3c7d7f5 fix: wrmsr: specify core number (closes #294) 
built from commit fe5bf7c003
 dated 2026-04-06 17:01:17 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 15:02:33 +00:00
github-actions[bot]
8ae598802c enh: clearer kernel info section at the top of the script 
built from commit ac09be87b5
 dated 2026-04-06 15:00:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 13:01:21 +00:00
github-actions[bot]
48a4c0e49c chore: add comment about is_intel/amd/hygon recursion 
built from commit 730dd50024
 dated 2026-04-06 13:46:11 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 12:06:52 +00:00
github-actions[bot]
1557bbee42 doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384) 
built from commit fe133e97e0205c7643d8648d0fbb19c67c65636a
 dated 2026-04-06 13:26:38 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 11:27:56 +00:00
github-actions[bot]
4530f39fae doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409) 
built from commit 7b36ca50b860666a5ec605992b3ffe2308199290
 dated 2026-04-06 13:07:20 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 11:08:28 +00:00
github-actions[bot]
d247733496 fix: CPUs affected by MSBDS but not MDS (fix #351) 
built from commit 716caae53f8ee8a6276a8fa0b9327b3ee3f4a3e0
 dated 2026-04-06 12:58:03 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 10:59:40 +00:00
github-actions[bot]
fc66ee567a doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list 
built from commit 00386b80f6d0ef82def918e4cef1b5193c57966a
 dated 2026-04-06 12:38:57 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 10:40:10 +00:00
github-actions[bot]
072b98cefd fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296) 
built from commit c3b8c59a8c08a321fec1a6f30739c301ef6e6062
 dated 2026-04-06 12:29:26 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 10:30:36 +00:00
github-actions[bot]
bceb62f982 feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437) 
built from commit ee28c1107ec2255caeb85cf0c47a2d1b5034e7a5
 dated 2026-04-06 11:25:51 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 09:31:08 +00:00
github-actions[bot]
aacdd35c57 doc: add Blindside to unsupported list (#374) 
built from commit 02ffdc7a405e1c5b59a64dc8891db8fde46cf824
 dated 2026-04-06 10:27:17 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 08:28:38 +00:00
github-actions[bot]
c0a389b086 doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported 
built from commit ef57f070db
 dated 2026-04-06 03:33:32 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 01:34:41 +00:00
github-actions[bot]
726f9e54f5 fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414) 
built from commit 0caabfc220
 dated 2026-04-06 03:23:56 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 01:25:09 +00:00
github-actions[bot]
11210ab772 fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD 
built from commit 6106dce8d8
 dated 2026-04-06 03:09:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 01:10:32 +00:00
github-actions[bot]
624aef4a46 feat: add CVE-2023-20588 (AMD DIV0 bug) (#473) 
built from commit b71465ff74
 dated 2026-04-06 02:40:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 00:47:00 +00:00
github-actions[bot]
b6a7ee2345 doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported 
built from commit 2cfb4f5d20019825c1865af9868047877537c840
 dated 2026-04-06 02:23:52 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 00:25:24 +00:00
github-actions[bot]
5698711b3d fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) 
built from commit 41251d8e51ec7fcff6025bf772ae8b6778d0c641
 dated 2026-04-06 00:58:49 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 23:00:02 +00:00
github-actions[bot]
e0f9aeab81 enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) 
built from commit 766441a1c730d15aa135ebe2be414d9b00ee11f8
 dated 2026-04-06 00:45:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing
cross-process Spectre attacks even with IBPB-on-entry active. The kernel
fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs.
Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret
bug flag, and flag systems relying on IBPB without the RSB fill fix.
 2026-04-05 22:47:43 +00:00
github-actions[bot]
2f550ba8cd fix: don't default to 0x0 ucode when unknown 
built from commit 9775d4762d97da696022ecb4dc3ef83f85318667
 dated 2026-04-06 00:38:55 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:40:17 +00:00
github-actions[bot]
3f60773ec4 enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) 
built from commit f5c42098c3
 dated 2026-04-06 00:17:32 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:18:42 +00:00
github-actions[bot]
acaf3b684f doc: update dev guidelines 
built from commit bbdf54cf7f
 dated 2026-04-05 23:58:14 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:01:40 +00:00
github-actions[bot]
0ec51090ae fix: add rebleet to --variant 
built from commit 75d053a0f1
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:22:49 +00:00
github-actions[bot]
e9cb988409 fix: add rebleet to --variant 
built from commit 1b3ef84bcf68508148673e878221b9c35a463d1f
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:21:37 +00:00
github-actions[bot]
c147f3f7d4 retbl 
built from commit 8e50dabb2d6d2e9299679c6ffcc8c69aa4756f7a
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:19:20 +00:00
github-actions[bot]
065f19e313 enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) 
built from commit da7b9bd282
 dated 2026-04-04 17:50:04 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 15:51:28 +00:00
github-actions[bot]
1214e63687 chore: reorder CVE list in README.md 
built from commit 5a29f5837c
 dated 2026-04-04 16:14:05 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 14:33:25 +00:00
github-actions[bot]
67be7eb116 chore: reorder CVE list in README.md 
built from commit ad98a15c6578fc58d0f84e9a39ea9671f5ef561a
 dated 2026-04-04 16:14:05 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 14:16:02 +00:00
github-actions[bot]
b4db134e49 feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI) 
built from commit 6273344e62f9a56dc0dd834d1bd977c5af43a98d
 dated 2026-04-04 14:41:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 13:08:23 +00:00
github-actions[bot]
d7cd9e8b6b add a generated version of src/libs/003_intel_models.sh 
built from commit 533943ed644da77239cb5dbaddd1c7cd7f977388
 dated 2026-04-04 14:20:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 12:24:10 +00:00
github-actions[bot]
a4c3900ef0 add a generated version of src/libs/003_intel_models.sh 
built from commit a7e80c1d57b82f9971d0114cf67aa2fc7875ec76
 dated 2026-04-04 14:20:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 12:21:51 +00:00
github-actions[bot]
1d00acbc9a chore: don't include src/ generated files in build 
built from commit a77cf8264f
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:56:42 +00:00
github-actions[bot]
90a8a3057c chore: don't include src/ generated files in build 
built from commit b7dc3efcd99cb66193db2729046bde4915dd026c
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:54:17 +00:00
github-actions[bot]
40b7ae9098 chore: don't include src/ generated files in build 
built from commit 35fd7603425d409d76ea4071ec3be5c38dbb1967
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:50:52 +00:00
github-actions[bot]
27ac93dd39 doc: CVE-2018-3693 CVE-2019-1125 CVE-2019-15902 unsupported or already included 
built from commit ae5493257e
 dated 2026-04-02 23:22:31 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:23:44 +00:00
github-actions[bot]
dab7bebd3c doc: CVE-2018-15572 is already implemented along Spectre V2 
built from commit 47e202100a
 dated 2026-04-02 23:10:39 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:13:46 +00:00