peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-09 10:13:18 +02:00
Code Issues Projects Releases Wiki Activity
704 Commits 5 Branches 48 Tags
98ec067aef42dbad7e1daf7547402d22f99fcc3b
Commit Graph

704 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stéphane Lesimple
98ec067aef enh: rework json/prom output to better split x86/arm 2026-04-08 22:58:36 +02:00
Stéphane Lesimple
ff42393fa6 new batch mode docs, add doc/ to -build branch 2026-04-08 22:58:36 +02:00
Stéphane Lesimple
f0fb59310e fix: add a missing pstatus to CVE-2023-20588 check 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
be0f2d20d2 fix: remove misleading explain on correctly mitigated SLS 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3639de9e8a chore: fix github workflow check with new --batch output 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
df3c2aeaa3 add screenshot to README 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
945f70bb63 fix: early abort when using --allow-msr-write 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
db84fc10de chore: make fmt 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
60ea669e41 enh: better explain the 4 run modes 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
f1c0d5548c chg: remove --no-intel-db, it's now always used when available 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
9e617a4363 remove prometheus-legacy format 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
b9c203120b enh: --no-runtime and --no-hw modes replacing --live and implicit 'offline' mode 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3f7e0a11f7 enh: CVE-2018-3640 (Spectre 3a): enhance ARM mitigation detection 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
5c469787ea enh: rework --batch nrpe entirely 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
a952fe32c4 fix: exit_cleanup: don't lose passed exit code 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
61fa02d577 feat: rework the --batch prometheus output entirely 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
39dea1245e feat: rework the --batch json output entirely 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3afbda8430 enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable 
cap_* variable <= cpuinfo flag

cap_ibrs              <= ibrs
cap_ibpb              <= ibpb
cap_stibp             <= stibp
cap_ssbd              <= ssbd / virt_ssbd
cap_l1df              <= flush_l1d
cap_md_clear          <= md_clear
cap_arch_capabilities <= arch_capabilities

Should fix #288
 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
6d69ce9a77 enh: read/write_msr: clearer error messages 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3ebfba2ac2 fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
a3f6553e65 fix: read/write msr and lockdown: fix a variable error, properly report lockdown to users 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
42ed8efa65 fix: better compatibility under busybox, silence buggy unzlma versions (fix #432) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
2c766b7cc6 fix: wrmsr: specify core number (closes #294) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
49472f1b64 enh: clearer kernel info section at the top of the script 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
333aa74fea enh: clearer CPU details section 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
8d9504d174 chore: add comment about is_intel/amd/hygon recursion 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
6043f586ef enh: update IntelDB affected CPU list to 2026-04 data, including Hybrid CPU detection 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
e1ace7c281 doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
24ab98d757 doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
155b3808b9 fix: CPUs affected by MSBDS but not MDS (fix #351) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
b6a41918b0 doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3c56ac35dd fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
b0bb1f4676 feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
0fa7e44327 doc: add Blindside to unsupported list (#374) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
f100b4e1dc doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
6332fc3405 fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3c61c7489b fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
3d01978cd4 feat: add CVE-2023-20588 (AMD DIV0 bug) (#473) 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
53c45e3363 doc: update dev guidelines 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
acf8b585a5 doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported 2026-04-08 22:35:53 +02:00
Stéphane Lesimple
076a1d5723 fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
ee618ead07 enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) 
AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing
cross-process Spectre attacks even with IBPB-on-entry active. The kernel
fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs.
Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret
bug flag, and flag systems relying on IBPB without the RSB fill fix.
 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
1ff1dfbe26 fix: don't default to 0x0 ucode when unknown 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
78e4d25319 fix: bsd: use proper MSR for AMD in ucode version read fallback 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
24ed9ccaf6 enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
a49234ed96 doc: add CVE-2021-26318 (ADM Prefetch) to unsupported list 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
2ed15da028 feat: implement CVE-2023-28746 (RFDS, Register File Data Sampling) 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
0fcdc6e6cc feat: add SLS (Straight-Line Speculation) check with --extra option 2026-04-08 22:35:52 +02:00
Stéphane Lesimple
7a7408d124 fix: add rebleet to --variant 2026-04-04 16:22:05 +00:00
Stéphane Lesimple
cccb3c0081 enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) 2026-04-04 16:07:12 +00:00