9c2587bca5
enh: when CPUID can't be read, built it by ourselves
2023-07-30 12:21:12 +02:00
2a5ddc87bf
feat: add Intel known affected processors DB
2023-07-30 12:21:12 +02:00
2ef6c1c80e
enh: factorize file download func
2023-07-28 20:03:16 +02:00
3c224018f4
chore: update disclaimer and FAQ
2023-07-28 20:03:16 +02:00
b8f8c81d51
release v0.46
2023-07-26 18:07:02 +02:00
f34dd5fa7b
enh: assume CPU is immune to Zenbleed regardless of vendor except AMD
...
This contradicts our usual "if we don't know, consider vulnerable" motto,
but as this vuln is extremely specific (which is not the case for the Spectre
range of vulnerabilities, for example), this is the correct approach here.
2023-07-26 17:54:44 +02:00
c0869d7341
enh: zenbleed: give a manual mitigation in --explain
2023-07-26 16:38:02 +02:00
e99a548dcc
fix: fms2cpuid was incorrect for families > 0xF
2023-07-26 14:33:11 +02:00
3d475dfaec
feat: fwdb: add linux-firmware as AMD source, update fwdb accordingly
2023-07-26 13:57:05 +02:00
cba5010c2a
chore: fix typo
2023-07-26 13:57:05 +02:00
c5661f098f
enh: add --explain text for Zenbleed
2023-07-26 10:56:45 +02:00
6844c01242
enh: add zenbleed support to the --variant option
2023-07-26 10:46:38 +02:00
0811f28ac6
fix: arm is not affected by zenbleed
2023-07-25 19:59:59 +02:00
9bb79a18eb
feat: add Zenbleed (CVE-2023-20593) and update fwdb to v270+i20230614
2023-07-25 17:54:59 +02:00
0d93c6ffb4
feat: arm: add Neoverse-N2 and Neoverse-V2
...
Signed-off-by: George Cherian <george.cherian@marvell.com>
2023-06-18 12:19:02 +02:00
6a61df200e
update: fwdb to v266+i20230512
2023-05-13 10:27:03 +02:00
e4b313fe79
feat: arm: add Neoverse-V1
2023-04-22 11:17:06 +02:00
60c71ccb7a
Add support for Guix System kernel.
2023-02-24 20:58:45 +01:00
48abeb5950
fix: bad exitcode with --update-fwdb due to trap exit
2023-02-24 20:57:43 +01:00
3c988cc73a
fix: rewrite SQL to be sqlite3 >= 3.41 compatible
...
closes #443
2023-02-24 20:54:40 +01:00
bea5cfc3b8
Fix typo: /devnull file created in filesystem
2023-02-24 19:42:16 +01:00
b68ebe67f2
fix: fwdb: ignore MCEdb versions where an official Intel version exists ( fixes #430 )
2022-03-30 09:10:55 +02:00
a6c943d38f
release v0.45
2022-03-27 12:41:17 +02:00
dd162301ff
chore: update fwdb to v222+i20220208
2022-03-27 12:38:44 +02:00
5f6471d9a4
feat: set default TMPDIR for Android ( #415 )
2022-03-27 12:31:05 +02:00
2a5b965b98
feat: add --allow-msr-write, no longer write by default ( #385 ), detect when writing is denied
2022-03-24 12:37:19 +01:00
ee266d43b7
chore: fix indentation
2022-03-21 22:22:33 +01:00
b61baa90df
feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
2022-03-21 22:22:33 +01:00
a98d92f8bc
chore: wording: model not vulnerable -> model not affected
2022-03-21 22:22:33 +01:00
b7c8c4115a
feat: implement detection for MCEPSC under BSD
2022-03-21 22:22:33 +01:00
4e7c52767d
chore: update Intel Family 6 models
2022-03-21 22:22:33 +01:00
8473d9ba6b
chore: ensure vars are set before being dereferenced (set -u compat)
2022-03-21 22:22:33 +01:00
0af4830224
fix: is_ucode_blacklisted: fix some model names
2022-03-21 22:22:33 +01:00
81a4329d71
feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
2022-03-21 22:22:33 +01:00
3679776f3c
chore: only attempt to load msr and cpuid module once
2022-03-21 22:22:33 +01:00
ba131fcd2f
chore: read_cpuid: use named constants
2022-03-21 22:22:33 +01:00
ae6bc31c2c
feat: hw check: add IPRED, RRSBA, BHI features check
2022-03-21 22:22:33 +01:00
6d7a6b3666
feat: add subleaf != 0 support for read_cpuid
2022-03-21 22:22:33 +01:00
16f2160be5
chore: fwdb: update to v220+i20220208
2022-03-17 19:39:39 +01:00
580549812a
fix: retpoline: detection on 5.15.28+ ( #420 )
2022-03-17 19:25:24 +01:00
05d862709d
fix: has_vmm false positive with pcp
...
Fix by matching the full procname with pgrep (-x),
so that the 'pmdakvm' process doesn't match.
Closes #394
2021-05-25 12:31:07 +02:00
3846913899
fix: refuse to run under MacOS and ESXi
2021-05-24 22:42:23 +02:00
0ba71a443e
fix: mcedb: v191 changed the MCE table format
...
Also update the builtin db to v191+i20210217
Closes #400
2021-05-24 12:55:44 +02:00
3a486e9985
arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
2021-04-02 15:38:31 +02:00
23564cda5d
fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
2021-04-02 15:38:31 +02:00
0ea21d09bd
fix: extract_kernel: don't overwrite kernel_err if already set
...
Fixes #395
2021-04-02 15:33:02 +02:00
6d35e780f4
arm64: phytium: Add CPU Implementer Phytium
...
This patch adds 0x70 check for phytium implementer id in function
parse_cpu_details. Also adds that Phytium Soc is not vulnerable to variant 3/3a
2021-01-13 19:14:09 +01:00
4ec3154be0
chore: replace 'Vulnerable to' by 'Affected by' in the hw section
...
This seems to be less confusing, suggested by #356
2020-11-10 18:56:25 +01:00
843f26630d
feat: arm: add Cortex A77 and Neoverse-N1 ( fixes #371 )
2020-11-10 18:36:42 +01:00
7fc2ec65b9
bump to v0.44
2020-11-09 18:41:43 +01:00
Stéphane Lesimple
ShadowCurse
George Cherian
Hilton Chain
glitsj16
Zhiyuan Dai