peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-09 10:13:18 +02:00
Code Issues Projects Releases Wiki Activity
689 Commits 5 Branches 48 Tags
61fa02d577297a0eb20376cbdcaa164fcfa03cbd
Commit Graph

689 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stéphane Lesimple
61fa02d577 feat: rework the --batch prometheus output entirely 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
39dea1245e feat: rework the --batch json output entirely 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3afbda8430 enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable 
cap_* variable <= cpuinfo flag

cap_ibrs              <= ibrs
cap_ibpb              <= ibpb
cap_stibp             <= stibp
cap_ssbd              <= ssbd / virt_ssbd
cap_l1df              <= flush_l1d
cap_md_clear          <= md_clear
cap_arch_capabilities <= arch_capabilities

Should fix #288
 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
6d69ce9a77 enh: read/write_msr: clearer error messages 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3ebfba2ac2 fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
a3f6553e65 fix: read/write msr and lockdown: fix a variable error, properly report lockdown to users 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
42ed8efa65 fix: better compatibility under busybox, silence buggy unzlma versions (fix #432) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
2c766b7cc6 fix: wrmsr: specify core number (closes #294) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
49472f1b64 enh: clearer kernel info section at the top of the script 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
333aa74fea enh: clearer CPU details section 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
8d9504d174 chore: add comment about is_intel/amd/hygon recursion 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
6043f586ef enh: update IntelDB affected CPU list to 2026-04 data, including Hybrid CPU detection 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
e1ace7c281 doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
24ab98d757 doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
155b3808b9 fix: CPUs affected by MSBDS but not MDS (fix #351) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
b6a41918b0 doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3c56ac35dd fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
b0bb1f4676 feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
0fa7e44327 doc: add Blindside to unsupported list (#374) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
f100b4e1dc doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
6332fc3405 fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3c61c7489b fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3d01978cd4 feat: add CVE-2023-20588 (AMD DIV0 bug) (#473) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
53c45e3363 doc: update dev guidelines 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
acf8b585a5 doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
076a1d5723 fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
ee618ead07 enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) 
AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing
cross-process Spectre attacks even with IBPB-on-entry active. The kernel
fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs.
Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret
bug flag, and flag systems relying on IBPB without the RSB fill fix.
 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
1ff1dfbe26 fix: don't default to 0x0 ucode when unknown 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
78e4d25319 fix: bsd: use proper MSR for AMD in ucode version read fallback 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
24ed9ccaf6 enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
a49234ed96 doc: add CVE-2021-26318 (ADM Prefetch) to unsupported list 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
2ed15da028 feat: implement CVE-2023-28746 (RFDS, Register File Data Sampling) 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
0fcdc6e6cc feat: add SLS (Straight-Line Speculation) check with --extra option 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
7a7408d124 fix: add rebleet to --variant 2026-04-04 16:22:05 +00:00
Stéphane Lesimple
cccb3c0081 enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
090f109c52 doc: add CVE-2023-31315 (SinkClose) to the unsupported list, add categories 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
5dc9c3c18d chore: reorder CVE list in README.md 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
a00fab131f feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
e0b818f8fa chore: stalebot: disable dryrun by default 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
4af11551ba feat: implement CVE-2024-28956 (ITS, Indirect Target Selection) vulnerability and mitigation detection 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
dfed6f35c5 doc: add note about more unsupported CVEs 
CVE-2020-12965 - Transient Execution of Non-Canonical Accesses (SLAM)
CVE-2024-7881 - ARM Prefetcher Privilege Escalation
CVE-2024-56161 - EntrySign (AMD Microcode Signature Bypass)
CVE-2025-20623 - Shared Microarchitectural Predictor State (10th Gen Intel)
CVE-2025-24495 - Lion Cove BPU Initialization
CVE-2025-29943 - StackWarp (AMD SEV-SNP)
 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
1652977f47 add a generated version of src/libs/003_intel_models.sh 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
a089ae8cef fix: sys_interface_check() must set the caller's $msg var (closes #533) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
cc6bbaad19 chore: don't include src/ generated files in build 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
2717b0a4be doc: CVE-2020-12965 unsupported (#478) 2026-04-04 16:07:12 +00:00
Stéphane Lesimple
6fac2d8ff1 Merge pull request #532 from speed47/test 
Retbleed / Downfall overhald / doc updates
 2026-04-02 21:32:39 +00:00
Stéphane Lesimple
ae5493257e doc: CVE-2018-3693 CVE-2019-1125 CVE-2019-15902 unsupported or already included 2026-04-02 23:22:31 +02:00
Stéphane Lesimple
47e202100a doc: CVE-2018-15572 is already implemented along Spectre V2 2026-04-02 23:12:29 +02:00
Stéphane Lesimple
0edb357894 doc: CVE-2018-9056 is out of scope (closes #169) 2026-04-02 22:58:45 +02:00
Stéphane Lesimple
ed6a0a2882 doc: unsupported CVE list 2026-04-02 22:51:55 +02:00