github-actions[bot]
90a8a3057c
chore: don't include src/ generated files in build
...
built from commit b7dc3efcd99cb66193db2729046bde4915dd026c
dated 2026-04-02 23:49:40 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:54:17 +00:00
github-actions[bot]
40b7ae9098
chore: don't include src/ generated files in build
...
built from commit 35fd7603425d409d76ea4071ec3be5c38dbb1967
dated 2026-04-02 23:49:40 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:50:52 +00:00
github-actions[bot]
27ac93dd39
doc: CVE-2018-3693 CVE-2019-1125 CVE-2019-15902 unsupported or already included
...
built from commit ae5493257e
dated 2026-04-02 23:22:31 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:23:44 +00:00
github-actions[bot]
dab7bebd3c
doc: CVE-2018-15572 is already implemented along Spectre V2
...
built from commit 47e202100a
dated 2026-04-02 23:10:39 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:13:46 +00:00
github-actions[bot]
8f76537159
doc: CVE-2018-15572 is already implemented along Spectre V2
...
built from commit 9d9ca447dffc171be0b8d519c74fb163f161c06a
dated 2026-04-02 23:10:39 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:11:59 +00:00
github-actions[bot]
fd7083cb08
doc: CVE-2018-9056 is out of scope (closes #169)
...
built from commit 0edb357894
dated 2026-04-02 22:58:45 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 20:59:55 +00:00
github-actions[bot]
8ef4c71d36
enh: group results by 4 in the summary line at the end of the run
...
built from commit 86e0fae48a
dated 2026-04-02 22:45:08 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 20:46:29 +00:00
github-actions[bot]
240d6db210
enh: rework VERSION adjust when we're cloned
...
built from commit cb3b9a37fa
dated 2026-04-02 22:32:22 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 20:35:00 +00:00
github-actions[bot]
fbfdb89e7a
chore: add proper header to all src/vulns/* files
...
built from commit 3ea8e213ec
dated 2026-04-02 20:47:54 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 19:35:40 +00:00
github-actions[bot]
5c571bacc6
enh: CVE-2022-40982 (Downfall) overhaul
...
built from commit e7fa2f30cc
dated 2026-04-02 19:55:25 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
- added `--kernel-config` support for all three Kconfig variants seen over all kernel versions up to now
- added `--kernel-map` support for `gds_select_mitigation` in `System.map`
- fixed the `--sysfs-only` mode
- added verbose information about remediation when `--explain` is used
- implemented `--paranoid` mode, requiring `GDS_MITIGATION_LOCKED` so that mitigation can't be disabled at runtime
- fixed offline mode (was wrongly looking at the system `dmesg`)
- better microcode status reporting (enabled, disabled, unsupported, unknown)
- fixed unknown (EOL) AVX-capable Intel family 6 CPUs now defaulting to affected
- fixed 2 missing known affected CPU models: INTEL_FAM6_SKYLAKE_L and INTEL_FAM6_SKYLAKE
- fixed case when we're running in a VM and the hypervisor doesn't let us read the MSR
2026-04-02 18:11:41 +00:00
github-actions[bot]
6f8112c700
enh: CVE-2022-40982 (Downfall) overhaul
...
built from commit c4c4ea8c0a5f2ffde852a22f26b9801bca61139a
dated 2026-04-02 19:55:25 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
- added `--kernel-config` support for all three Kconfig variants seen over all kernel versions up to now
- added `--kernel-map` support for `gds_select_mitigation` in `System.map`
- fixed the `--sysfs-only` mode
- added verbose information about remediation when `--explain` is used
- implemented `--paranoid` mode, requiring `GDS_MITIGATION_LOCKED` so that mitigation can't be disabled at runtime
- fixed offline mode (was wrongly looking at the system `dmesg`)
- better microcode status reporting (enabled, disabled, unsupported, unknown)
- fixed unknown (EOL) AVX-capable Intel family 6 CPUs now defaulting to affected
- fixed 2 missing known affected CPU models: INTEL_FAM6_SKYLAKE_L and INTEL_FAM6_SKYLAKE
2026-04-02 18:03:22 +00:00
github-actions[bot]
f46c743cad
chore: build: also add new files, handle github workflows
...
built from commit c799974038
dated 2026-04-02 18:47:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 16:48:13 +00:00
github-actions[bot]
33bdd0688d
chore: conditional workflows on all branches
...
built from commit 5e2af29e6a
dated 2026-04-02 18:36:43 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 16:39:04 +00:00
github-actions[bot]
7f87ade3fe
chore: conditional workflows on all branches
...
built from commit 44312e3ed385437674a56340b53ca59df291fc41
dated 2026-04-02 18:36:43 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 16:38:01 +00:00
github-actions[bot]
e2d4d14e14
chore: add stalebot in dryrun
...
built from commit 5fc008f2d4
dated 2026-04-02 13:13:19 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 11:36:58 +00:00
github-actions[bot]
ddf2f2c723
chore: add stalebot in dryrun
...
built from commit 5fc008f2d4
dated 2026-04-02 13:13:19 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 11:14:30 +00:00
github-actions[bot]
fe376887ab
enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode
...
built from commit e5c6d2d905
dated 2026-04-01 20:37:54 +0000
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-01 20:39:36 +00:00
github-actions[bot]
7b41bcca2b
chore: shellcheck fixes
...
built from commit ac327ce7c5
dated 2026-04-01 20:10:29 +0000
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-01 20:11:58 +00:00
github-actions[bot]
151dd12e3e
fix: cap_rdcl_no, cap_gds_no, cap_tsa_*_no were not setting the current CPU status as immune for their respective vulns
...
built from commit 278989d550
dated 2026-04-01 00:47:41 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 22:48:56 +00:00
github-actions[bot]
15ea90f312
enh: draft rework of CVE-2017-5753 aka spectre v1
...
built from commit 4738e8f0ad
dated 2026-04-01 00:22:07 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 22:23:17 +00:00
github-actions[bot]
5fd6a20ebb
chore: readme: add a second table one about impact/mitigation, rework sections
...
built from commit c20369d9e3899b03280bf72893956f36844bc969
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 22:09:49 +00:00
github-actions[bot]
e7df6a3e30
chore: readme: add a second table one about impact/mitigation
...
built from commit 4f16822bb11f5b8461647c228a7f2087d5716aea
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 22:05:17 +00:00
github-actions[bot]
ba24551c56
chore: readme: add a second table one about impact/mitigation
...
built from commit 25a7e7089a3c14f0b2d1320995b08d9d941d8c51
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 22:02:37 +00:00
github-actions[bot]
7c2699c01a
chore: readme: add a second table one about impact/mitigation
...
built from commit 3e969c94e04e48f8db9dbb5603371e1180a4d32a
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 21:53:12 +00:00
github-actions[bot]
6663b6422e
chore: readme: add a second table one about impact/mitigation
...
built from commit b74adb0957c471014dce284b2b6bf8cad85edf38
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 21:43:28 +00:00
github-actions[bot]
fe55c70658
chore: clearer CVE table in README.md
...
built from commit 9bbefb7bae40c7c240641b3f714691a76976c9c0
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 21:01:37 +00:00
github-actions[bot]
d0822e1f9d
chore: prepare for dev-build renaming to test-build
...
built from commit 295324a545
dated 2026-03-31 19:34:52 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-31 17:53:45 +00:00
github-actions[bot]
10e5b5749e
chore: set VERSION when building
...
built from commit efa07e7fd9
dated 2026-03-30 23:46:13 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-30 22:22:20 +00:00
github-actions[bot]
4f7f83a40e
chore: set VERSION when building
...
built from commit 88099e12bf082112a1579e2cd37f010c29463e9d
dated 2026-03-30 23:46:13 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-30 21:51:45 +00:00
github-actions[bot]
0f36203b5f
chore: adjust workflow for dev-build
...
built from commit 254f8ece6de39214c5e25694b0fea8c2ddfbf511
dated 2026-03-30 21:24:34 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-03-30 21:08:41 +00:00
speed47
61cc0f3a35
update: fwdb from v347+i20251110+615b to v349+i20260227+615b, 50 microcode changes
2026-03-28 01:52:17 +00:00
Stéphane Lesimple
a20641fbad
fix: handle non-numeric ARM CPU architecture values
...
Some old ARM processors (e.g., ARM926EJ-S) report CPU architecture
with suffix in /proc/cpuinfo (e.g., "5TEJ" for ARMv5TEJ).
This caused an "integer expression expected" error when comparing
against numeric values. Extract the numeric prefix before integer comparisons.
Fixes #505.
2026-01-25 12:57:41 +01:00
Stéphane Lesimple
d550ea8c85
fix: harmless 'dmesg: write error' that could happen on some systems
...
Fixes #519.
2026-01-25 11:53:13 +01:00
Stéphane Lesimple
8e33a1dbf2
fix: set cpu_* vars to a default value
...
On ARM64 systems, /proc/cpuinfo uses different field names (CPU implementer,
CPU variant, CPU part, CPU revision) instead of x86-style fields (cpu family,
model, stepping). This left these variables empty, causing printf to fail
with 'invalid number' errors when formatting them as hex values.
Fixes #520.
2026-01-25 11:38:50 +01:00
speed47
68b4617fd4
update: fwdb from v345+i20251110+4df2 to v347+i20251110+615b, 2 microcode changes
2026-01-01 11:48:36 +01:00
speed47
9fed5ceb33
update: fwdb from v344+i20250811+1523 to v345+i20251110+4df2, 45 microcode changes
2025-11-23 12:38:27 +01:00
Gabriel Francisco
a8466b74fe
fix CVE-2017-5715 reporting when IBRS_FW is enabled
2025-10-27 08:42:51 +01:00
speed47
b99be2363c
update: fwdb from v296+i20240514+988c to v344+i20250811+1523, 128 microcode changes
2025-10-26 22:08:07 +01:00
Stéphane Lesimple
c2c60e0161
chore: fix recent shellcheck warnings
2025-10-25 20:48:38 +02:00
Jörg Sommer
bae43d8370
Replace head -1 by head -n1
...
The info page of GNU head says:
> For compatibility 'head' also supports an obsolete option syntax
> '-[NUM][bkm][cqv]', [...] Scripts intended for standard hosts should use
> '-c NUM' or '-n NUM' instead.
At least busybox's head does not support the `-NUM` syntax.
2025-10-25 20:45:24 +02:00
Stéphane Lesimple
34c6095912
fix: Linux 6.9+ changed some config options names (#490)
...
Issue #490 is about retpoline but other options have also changed,
as reported by a comment on the issue, this commit fixes these
other options:
Breno Leitao (10):
      x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE
      x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY => CONFIG_MITIGATION_IBPB_ENTRY
      x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING => CONFIG_MITIGATION_CALL_DEPTH_TRACKING
      x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
      x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE
      x86/bugs: Rename CONFIG_SLS => CONFIG_MITIGATION_SLS
      x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY => CONFIG_MITIGATION_UNRET_ENTRY
      x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY => CONFIG_MITIGATION_IBRS_ENTRY
      x86/bugs: Rename CONFIG_CPU_SRSO => CONFIG_MITIGATION_SRSO
      x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK
2024-08-04 15:15:45 +02:00
Ivan Zahariev
388d44edbd
Fix Retpoline detection for Linux 6.9+ (issue #490)
2024-08-04 13:41:01 +02:00
Stéphane Lesimple
bd0c7c94b5
fix: typo introduced by #483, fixes #486
2024-05-18 13:01:48 +02:00
Stéphane Lesimple
d70e4c2974
fwdb: update to v296+i20240514+988c
2024-05-18 13:01:48 +02:00
Stéphane Lesimple
4e29fb5a21
fix: ucode_platformid_mask is hexa (fixes #485)
2024-02-15 17:27:12 +01:00
Stephane Lesimple
0f2edb1a71
feat: blacklist some more microcodes (fixes #475)
2024-01-09 18:54:39 +01:00
Stephane Lesimple
8ac2539a2a
fix: microcode check now supports pf_mask (fixes #482)
2024-01-09 17:05:18 +01:00
Stéphane Lesimple
97f4d5f2bc
feat(reptar): add detection and mitigation of Reptar
2024-01-09 15:38:16 +01:00
Stéphane Lesimple
9b7b09ada3
fix(inception): continued mitigation detection
2023-08-25 18:50:53 +02:00
Sébastien Mériot
c94811e63d
fix(inception): Zen1/2 results based on kernel mitigations
2023-08-25 18:50:53 +02:00