peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-07 09:13:20 +02:00
Code Issues Projects Releases Wiki Activity
636 Commits 5 Branches 48 Tags
4d1af904207d10436561fb228e2abeb653ee73ea
Commit Graph

636 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
4d1af90420 fix: better compatibility under busybox, silence buggy unzlma versions (fix #432) 
built from commit fc34cb729b
 dated 2026-04-06 17:12:21 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 15:14:01 +00:00
github-actions[bot]
e8a3c7d7f5 fix: wrmsr: specify core number (closes #294) 
built from commit fe5bf7c003
 dated 2026-04-06 17:01:17 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 15:02:33 +00:00
github-actions[bot]
8ae598802c enh: clearer kernel info section at the top of the script 
built from commit ac09be87b5
 dated 2026-04-06 15:00:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 13:01:21 +00:00
github-actions[bot]
48a4c0e49c chore: add comment about is_intel/amd/hygon recursion 
built from commit 730dd50024
 dated 2026-04-06 13:46:11 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 12:06:52 +00:00
github-actions[bot]
1557bbee42 doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384) 
built from commit fe133e97e0205c7643d8648d0fbb19c67c65636a
 dated 2026-04-06 13:26:38 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 11:27:56 +00:00
github-actions[bot]
4530f39fae doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409) 
built from commit 7b36ca50b860666a5ec605992b3ffe2308199290
 dated 2026-04-06 13:07:20 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 11:08:28 +00:00
github-actions[bot]
d247733496 fix: CPUs affected by MSBDS but not MDS (fix #351) 
built from commit 716caae53f8ee8a6276a8fa0b9327b3ee3f4a3e0
 dated 2026-04-06 12:58:03 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 10:59:40 +00:00
github-actions[bot]
fc66ee567a doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list 
built from commit 00386b80f6d0ef82def918e4cef1b5193c57966a
 dated 2026-04-06 12:38:57 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 10:40:10 +00:00
github-actions[bot]
072b98cefd fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296) 
built from commit c3b8c59a8c08a321fec1a6f30739c301ef6e6062
 dated 2026-04-06 12:29:26 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 10:30:36 +00:00
github-actions[bot]
bceb62f982 feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437) 
built from commit ee28c1107ec2255caeb85cf0c47a2d1b5034e7a5
 dated 2026-04-06 11:25:51 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 09:31:08 +00:00
github-actions[bot]
aacdd35c57 doc: add Blindside to unsupported list (#374) 
built from commit 02ffdc7a405e1c5b59a64dc8891db8fde46cf824
 dated 2026-04-06 10:27:17 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 08:28:38 +00:00
github-actions[bot]
c0a389b086 doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported 
built from commit ef57f070db
 dated 2026-04-06 03:33:32 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 01:34:41 +00:00
github-actions[bot]
726f9e54f5 fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414) 
built from commit 0caabfc220
 dated 2026-04-06 03:23:56 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 01:25:09 +00:00
github-actions[bot]
11210ab772 fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD 
built from commit 6106dce8d8
 dated 2026-04-06 03:09:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 01:10:32 +00:00
github-actions[bot]
624aef4a46 feat: add CVE-2023-20588 (AMD DIV0 bug) (#473) 
built from commit b71465ff74
 dated 2026-04-06 02:40:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 00:47:00 +00:00
github-actions[bot]
b6a7ee2345 doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported 
built from commit 2cfb4f5d20019825c1865af9868047877537c840
 dated 2026-04-06 02:23:52 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 00:25:24 +00:00
github-actions[bot]
5698711b3d fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) 
built from commit 41251d8e51ec7fcff6025bf772ae8b6778d0c641
 dated 2026-04-06 00:58:49 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 23:00:02 +00:00
github-actions[bot]
e0f9aeab81 enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) 
built from commit 766441a1c730d15aa135ebe2be414d9b00ee11f8
 dated 2026-04-06 00:45:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing
cross-process Spectre attacks even with IBPB-on-entry active. The kernel
fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs.
Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret
bug flag, and flag systems relying on IBPB without the RSB fill fix.
 2026-04-05 22:47:43 +00:00
github-actions[bot]
2f550ba8cd fix: don't default to 0x0 ucode when unknown 
built from commit 9775d4762d97da696022ecb4dc3ef83f85318667
 dated 2026-04-06 00:38:55 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:40:17 +00:00
github-actions[bot]
3f60773ec4 enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) 
built from commit f5c42098c3
 dated 2026-04-06 00:17:32 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:18:42 +00:00
github-actions[bot]
acaf3b684f doc: update dev guidelines 
built from commit bbdf54cf7f
 dated 2026-04-05 23:58:14 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:01:40 +00:00
github-actions[bot]
0ec51090ae fix: add rebleet to --variant 
built from commit 75d053a0f1
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:22:49 +00:00
github-actions[bot]
e9cb988409 fix: add rebleet to --variant 
built from commit 1b3ef84bcf68508148673e878221b9c35a463d1f
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:21:37 +00:00
github-actions[bot]
c147f3f7d4 retbl 
built from commit 8e50dabb2d6d2e9299679c6ffcc8c69aa4756f7a
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:19:20 +00:00
github-actions[bot]
065f19e313 enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) 
built from commit da7b9bd282
 dated 2026-04-04 17:50:04 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 15:51:28 +00:00
github-actions[bot]
1214e63687 chore: reorder CVE list in README.md 
built from commit 5a29f5837c
 dated 2026-04-04 16:14:05 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 14:33:25 +00:00
github-actions[bot]
67be7eb116 chore: reorder CVE list in README.md 
built from commit ad98a15c6578fc58d0f84e9a39ea9671f5ef561a
 dated 2026-04-04 16:14:05 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 14:16:02 +00:00
github-actions[bot]
b4db134e49 feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI) 
built from commit 6273344e62f9a56dc0dd834d1bd977c5af43a98d
 dated 2026-04-04 14:41:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 13:08:23 +00:00
github-actions[bot]
d7cd9e8b6b add a generated version of src/libs/003_intel_models.sh 
built from commit 533943ed644da77239cb5dbaddd1c7cd7f977388
 dated 2026-04-04 14:20:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 12:24:10 +00:00
github-actions[bot]
a4c3900ef0 add a generated version of src/libs/003_intel_models.sh 
built from commit a7e80c1d57b82f9971d0114cf67aa2fc7875ec76
 dated 2026-04-04 14:20:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 12:21:51 +00:00
github-actions[bot]
1d00acbc9a chore: don't include src/ generated files in build 
built from commit a77cf8264f
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:56:42 +00:00
github-actions[bot]
90a8a3057c chore: don't include src/ generated files in build 
built from commit b7dc3efcd99cb66193db2729046bde4915dd026c
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:54:17 +00:00
github-actions[bot]
40b7ae9098 chore: don't include src/ generated files in build 
built from commit 35fd7603425d409d76ea4071ec3be5c38dbb1967
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:50:52 +00:00
github-actions[bot]
27ac93dd39 doc: CVE-2018-3693 CVE-2019-1125 CVE-2019-15902 unsupported or already included 
built from commit ae5493257e
 dated 2026-04-02 23:22:31 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:23:44 +00:00
github-actions[bot]
dab7bebd3c doc: CVE-2018-15572 is already implemented along Spectre V2 
built from commit 47e202100a
 dated 2026-04-02 23:10:39 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:13:46 +00:00
github-actions[bot]
8f76537159 doc: CVE-2018-15572 is already implemented along Spectre V2 
built from commit 9d9ca447dffc171be0b8d519c74fb163f161c06a
 dated 2026-04-02 23:10:39 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:11:59 +00:00
github-actions[bot]
fd7083cb08 doc: CVE-2018-9056 is out of scope (closes #169) 
built from commit 0edb357894
 dated 2026-04-02 22:58:45 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 20:59:55 +00:00
github-actions[bot]
8ef4c71d36 enh: group results by 4 in the summary line at the end of the run 
built from commit 86e0fae48a
 dated 2026-04-02 22:45:08 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 20:46:29 +00:00
github-actions[bot]
240d6db210 enh: rework VERSION adjust when we're cloned 
built from commit cb3b9a37fa
 dated 2026-04-02 22:32:22 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 20:35:00 +00:00
github-actions[bot]
fbfdb89e7a chore: add proper header to all src/vulns/* files 
built from commit 3ea8e213ec
 dated 2026-04-02 20:47:54 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 19:35:40 +00:00
github-actions[bot]
5c571bacc6 enh: CVE-2022-40982 (Downfall) overhaul 
built from commit e7fa2f30cc
 dated 2026-04-02 19:55:25 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 - added `--kernel-config` support for all three Kconfig variants seen over all kernel versions up to now
- added `--kernel-map` support for `gds_select_mitigation` in `System.map`
- fixed the `--sysfs-only` mode
- added verbose information about remediation when `--explain` is used
- implemented `--paranoid mode`, requiring `GDS_MITIGATION_LOCKED` so that mitigation can't be disabled at runtime
- fixed offline mode (was wrongly looking at the system `dmesg`)
- better microcode status reporting (enabled, disabled, unsupported, unknown)
- fixed unknown (EOL) AVX-capable Intel family 6 CPUs now defaulting to affected
- fixed 2 missing known affected CPU models: INTEL_FAM6_SKYLAKE_L and INTEL_FAM6_SKYLAKE
- fixed case when we're running in a VM and the hypervisor doesn't let us read the MSR
 2026-04-02 18:11:41 +00:00
github-actions[bot]
6f8112c700 enh: CVE-2022-40982 (Downfall) overhaul 
built from commit c4c4ea8c0a5f2ffde852a22f26b9801bca61139a
 dated 2026-04-02 19:55:25 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 - added `--kernel-config` support for all three Kconfig variants seen over all kernel versions up to now
- added `--kernel-map` support for `gds_select_mitigation` in `System.map`
- fixed the `--sysfs-only` mode
- added verbose information about remediation when `--explain` is used
- implemented `--paranoid mode`, requiring `GDS_MITIGATION_LOCKED` so that mitigation can't be disabled at runtime
- fixed offline mode (was wrongly looking at the system `dmesg`)
- better microcode status reporting (enabled, disabled, unsupported, unknown)
- fixed unknown (EOL) AVX-capable Intel family 6 CPUs now defaulting to affected
- fixed 2 missing known affected CPU models: INTEL_FAM6_SKYLAKE_L and INTEL_FAM6_SKYLAKE
 2026-04-02 18:03:22 +00:00
github-actions[bot]
f46c743cad chore: build: also add new files, handle github workflows 
built from commit c799974038
 dated 2026-04-02 18:47:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 16:48:13 +00:00
github-actions[bot]
33bdd0688d chore: conditional workflows on all branches 
built from commit 5e2af29e6a
 dated 2026-04-02 18:36:43 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 16:39:04 +00:00
github-actions[bot]
7f87ade3fe chore: conditional workflows on all branches 
built from commit 44312e3ed385437674a56340b53ca59df291fc41
 dated 2026-04-02 18:36:43 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 16:38:01 +00:00
github-actions[bot]
e2d4d14e14 chore: add stalebot in dryrun 
built from commit 5fc008f2d4
 dated 2026-04-02 13:13:19 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 11:36:58 +00:00
github-actions[bot]
ddf2f2c723 chore: add stalebot in dryrun 
built from commit 5fc008f2d4
 dated 2026-04-02 13:13:19 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 11:14:30 +00:00
github-actions[bot]
fe376887ab enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode 
built from commit e5c6d2d905
 dated 2026-04-01 20:37:54 +0000
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-01 20:39:36 +00:00
github-actions[bot]
7b41bcca2b chore: shellcheck fixes 
built from commit ac327ce7c5
 dated 2026-04-01 20:10:29 +0000
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-01 20:11:58 +00:00
github-actions[bot]
151dd12e3e fix: cap_rdcl_no, cap_gds_no, cap_tsa_*_no were not setting the current CPU status as immune for their respective vulns 
built from commit 278989d550
 dated 2026-04-01 00:47:41 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:48:56 +00:00