peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-07 09:13:20 +02:00
Code Issues Projects Releases Wiki Activity
621 Commits 5 Branches 48 Tags
b6a7ee23455d2685bf5bc7b312981d6bf0084feb
Commit Graph

621 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
b6a7ee2345 doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported 
built from commit 2cfb4f5d20019825c1865af9868047877537c840
 dated 2026-04-06 02:23:52 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-06 00:25:24 +00:00
github-actions[bot]
5698711b3d fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) 
built from commit 41251d8e51ec7fcff6025bf772ae8b6778d0c641
 dated 2026-04-06 00:58:49 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 23:00:02 +00:00
github-actions[bot]
e0f9aeab81 enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) 
built from commit 766441a1c730d15aa135ebe2be414d9b00ee11f8
 dated 2026-04-06 00:45:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing
cross-process Spectre attacks even with IBPB-on-entry active. The kernel
fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs.
Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret
bug flag, and flag systems relying on IBPB without the RSB fill fix.
 2026-04-05 22:47:43 +00:00
github-actions[bot]
2f550ba8cd fix: don't default to 0x0 ucode when unknown 
built from commit 9775d4762d97da696022ecb4dc3ef83f85318667
 dated 2026-04-06 00:38:55 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:40:17 +00:00
github-actions[bot]
3f60773ec4 enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) 
built from commit f5c42098c3
 dated 2026-04-06 00:17:32 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:18:42 +00:00
github-actions[bot]
acaf3b684f doc: update dev guidelines 
built from commit bbdf54cf7f
 dated 2026-04-05 23:58:14 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-05 22:01:40 +00:00
github-actions[bot]
0ec51090ae fix: add rebleet to --variant 
built from commit 75d053a0f1
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:22:49 +00:00
github-actions[bot]
e9cb988409 fix: add rebleet to --variant 
built from commit 1b3ef84bcf68508148673e878221b9c35a463d1f
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:21:37 +00:00
github-actions[bot]
c147f3f7d4 retbl 
built from commit 8e50dabb2d6d2e9299679c6ffcc8c69aa4756f7a
 dated 2026-04-04 18:17:35 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 16:19:20 +00:00
github-actions[bot]
065f19e313 enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) 
built from commit da7b9bd282
 dated 2026-04-04 17:50:04 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 15:51:28 +00:00
github-actions[bot]
1214e63687 chore: reorder CVE list in README.md 
built from commit 5a29f5837c
 dated 2026-04-04 16:14:05 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 14:33:25 +00:00
github-actions[bot]
67be7eb116 chore: reorder CVE list in README.md 
built from commit ad98a15c6578fc58d0f84e9a39ea9671f5ef561a
 dated 2026-04-04 16:14:05 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 14:16:02 +00:00
github-actions[bot]
b4db134e49 feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI) 
built from commit 6273344e62f9a56dc0dd834d1bd977c5af43a98d
 dated 2026-04-04 14:41:09 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 13:08:23 +00:00
github-actions[bot]
d7cd9e8b6b add a generated version of src/libs/003_intel_models.sh 
built from commit 533943ed644da77239cb5dbaddd1c7cd7f977388
 dated 2026-04-04 14:20:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 12:24:10 +00:00
github-actions[bot]
a4c3900ef0 add a generated version of src/libs/003_intel_models.sh 
built from commit a7e80c1d57b82f9971d0114cf67aa2fc7875ec76
 dated 2026-04-04 14:20:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-04 12:21:51 +00:00
github-actions[bot]
1d00acbc9a chore: don't include src/ generated files in build 
built from commit a77cf8264f
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:56:42 +00:00
github-actions[bot]
90a8a3057c chore: don't include src/ generated files in build 
built from commit b7dc3efcd99cb66193db2729046bde4915dd026c
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:54:17 +00:00
github-actions[bot]
40b7ae9098 chore: don't include src/ generated files in build 
built from commit 35fd7603425d409d76ea4071ec3be5c38dbb1967
 dated 2026-04-02 23:49:40 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:50:52 +00:00
github-actions[bot]
27ac93dd39 doc: CVE-2018-3693 CVE-2019-1125 CVE-2019-15902 unsupported or already included 
built from commit ae5493257e
 dated 2026-04-02 23:22:31 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:23:44 +00:00
github-actions[bot]
dab7bebd3c doc: CVE-2018-15572 is already implemented along Spectre V2 
built from commit 47e202100a
 dated 2026-04-02 23:10:39 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:13:46 +00:00
github-actions[bot]
8f76537159 doc: CVE-2018-15572 is already implemented along Spectre V2 
built from commit 9d9ca447dffc171be0b8d519c74fb163f161c06a
 dated 2026-04-02 23:10:39 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 21:11:59 +00:00
github-actions[bot]
fd7083cb08 doc: CVE-2018-9056 is out of scope (closes #169) 
built from commit 0edb357894
 dated 2026-04-02 22:58:45 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 20:59:55 +00:00
github-actions[bot]
8ef4c71d36 enh: group results by 4 in the summary line at the end of the run 
built from commit 86e0fae48a
 dated 2026-04-02 22:45:08 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 20:46:29 +00:00
github-actions[bot]
240d6db210 enh: rework VERSION adjust when we're cloned 
built from commit cb3b9a37fa
 dated 2026-04-02 22:32:22 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 20:35:00 +00:00
github-actions[bot]
fbfdb89e7a chore: add proper header to all src/vulns/* files 
built from commit 3ea8e213ec
 dated 2026-04-02 20:47:54 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 19:35:40 +00:00
github-actions[bot]
5c571bacc6 enh: CVE-2022-40982 (Downfall) overhaul 
built from commit e7fa2f30cc
 dated 2026-04-02 19:55:25 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 - added `--kernel-config` support for all three Kconfig variants seen over all kernel versions up to now
- added `--kernel-map` support for `gds_select_mitigation` in `System.map`
- fixed the `--sysfs-only` mode
- added verbose information about remediation when `--explain` is used
- implemented `--paranoid mode`, requiring `GDS_MITIGATION_LOCKED` so that mitigation can't be disabled at runtime
- fixed offline mode (was wrongly looking at the system `dmesg`)
- better microcode status reporting (enabled, disabled, unsupported, unknown)
- fixed unknown (EOL) AVX-capable Intel family 6 CPUs now defaulting to affected
- fixed 2 missing known affected CPU models: INTEL_FAM6_SKYLAKE_L and INTEL_FAM6_SKYLAKE
- fixed case when we're running in a VM and the hypervisor doesn't let us read the MSR
 2026-04-02 18:11:41 +00:00
github-actions[bot]
6f8112c700 enh: CVE-2022-40982 (Downfall) overhaul 
built from commit c4c4ea8c0a5f2ffde852a22f26b9801bca61139a
 dated 2026-04-02 19:55:25 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)

 - added `--kernel-config` support for all three Kconfig variants seen over all kernel versions up to now
- added `--kernel-map` support for `gds_select_mitigation` in `System.map`
- fixed the `--sysfs-only` mode
- added verbose information about remediation when `--explain` is used
- implemented `--paranoid mode`, requiring `GDS_MITIGATION_LOCKED` so that mitigation can't be disabled at runtime
- fixed offline mode (was wrongly looking at the system `dmesg`)
- better microcode status reporting (enabled, disabled, unsupported, unknown)
- fixed unknown (EOL) AVX-capable Intel family 6 CPUs now defaulting to affected
- fixed 2 missing known affected CPU models: INTEL_FAM6_SKYLAKE_L and INTEL_FAM6_SKYLAKE
 2026-04-02 18:03:22 +00:00
github-actions[bot]
f46c743cad chore: build: also add new files, handle github workflows 
built from commit c799974038
 dated 2026-04-02 18:47:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 16:48:13 +00:00
github-actions[bot]
33bdd0688d chore: conditional workflows on all branches 
built from commit 5e2af29e6a
 dated 2026-04-02 18:36:43 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 16:39:04 +00:00
github-actions[bot]
7f87ade3fe chore: conditional workflows on all branches 
built from commit 44312e3ed385437674a56340b53ca59df291fc41
 dated 2026-04-02 18:36:43 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 16:38:01 +00:00
github-actions[bot]
e2d4d14e14 chore: add stalebot in dryrun 
built from commit 5fc008f2d4
 dated 2026-04-02 13:13:19 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 11:36:58 +00:00
github-actions[bot]
ddf2f2c723 chore: add stalebot in dryrun 
built from commit 5fc008f2d4
 dated 2026-04-02 13:13:19 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-02 11:14:30 +00:00
github-actions[bot]
fe376887ab enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode 
built from commit e5c6d2d905
 dated 2026-04-01 20:37:54 +0000
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-01 20:39:36 +00:00
github-actions[bot]
7b41bcca2b chore: shellcheck fixes 
built from commit ac327ce7c5
 dated 2026-04-01 20:10:29 +0000
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-04-01 20:11:58 +00:00
github-actions[bot]
151dd12e3e fix: cap_rdcl_no, cap_gds_no, cap_tsa_*_no were not setting the current CPU status as immune for their respective vulns 
built from commit 278989d550
 dated 2026-04-01 00:47:41 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:48:56 +00:00
github-actions[bot]
15ea90f312 enh: draft rework of CVE-2017-5753 aka spectre v1 
built from commit 4738e8f0ad
 dated 2026-04-01 00:22:07 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:23:17 +00:00
github-actions[bot]
5fd6a20ebb chore: readme: add a second table one about impact/mitigation, rework sections 
built from commit c20369d9e3899b03280bf72893956f36844bc969
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:09:49 +00:00
github-actions[bot]
e7df6a3e30 chore: readme: add a second table one about impact/mitigation 
built from commit 4f16822bb11f5b8461647c228a7f2087d5716aea
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:05:17 +00:00
github-actions[bot]
ba24551c56 chore: readme: add a second table one about impact/mitigation 
built from commit 25a7e7089a3c14f0b2d1320995b08d9d941d8c51
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:02:37 +00:00
github-actions[bot]
7c2699c01a chore: readme: add a second table one about impact/mitigation 
built from commit 3e969c94e04e48f8db9dbb5603371e1180a4d32a
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:53:12 +00:00
github-actions[bot]
6663b6422e chore: readme: add a second table one about impact/mitigation 
built from commit b74adb0957c471014dce284b2b6bf8cad85edf38
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:43:28 +00:00
github-actions[bot]
fe55c70658 chore: clearer CVE table in README.md 
built from commit 9bbefb7bae40c7c240641b3f714691a76976c9c0
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:01:37 +00:00
github-actions[bot]
d0822e1f9d chore: prepare for dev-build renaming to test-build 
built from commit 295324a545
 dated 2026-03-31 19:34:52 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 17:53:45 +00:00
github-actions[bot]
10e5b5749e chore: set VERSION when building 
built from commit efa07e7fd9
 dated 2026-03-30 23:46:13 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 22:22:20 +00:00
github-actions[bot]
4f7f83a40e chore: set VERSION when building 
built from commit 88099e12bf082112a1579e2cd37f010c29463e9d
 dated 2026-03-30 23:46:13 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:51:45 +00:00
github-actions[bot]
4bbbd71564 update dev docs and refactor CVE list in readme 
built from commit eabddf3d72
 dated 2026-03-30 23:24:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:39:55 +00:00
github-actions[bot]
c174a8b754 update dev docs and readme 
built from commit f66cb22a6d4779162909ea1ae1139c80942b1ce8
 dated 2026-03-30 23:24:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:28:20 +00:00
github-actions[bot]
0f36203b5f chore: adjust workflow for dev-build 
built from commit 254f8ece6de39214c5e25694b0fea8c2ddfbf511
 dated 2026-03-30 21:24:34 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:08:41 +00:00
speed47
61cc0f3a35 update: fwdb from v347+i20251110+615b to v349+i20260227+615b, 50 microcode changes 2026-03-28 01:52:17 +00:00
Stéphane Lesimple
a20641fbad fix: handle non-numeric ARM CPU architecture values 
Some old ARM processors (e.g., ARM926EJ-S) report CPU architecture
with suffix in /proc/cpuinfo (e.g., "5TEJ" for ARMv5TEJ).

This caused an "integer expression expected" error when comparing
against numeric values. Extract the numeric prefix before integer comparisons.

Fixes #505.
 2026-01-25 12:57:41 +01:00