714 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Stéphane Lesimple	b7a6182a65	doc: add Jump Conditional Code (JCC) Erratum to the unsupported list	2026-04-20 17:47:50 +02:00
Stéphane Lesimple	e2d110a3b5	doc: update output formats doc + normalize json to bool	2026-04-20 12:55:34 +02:00
Stéphane Lesimple	1bb33d5cf2	chore: remove from test branch workflows that must live on master	2026-04-20 12:53:36 +02:00
Stéphane Lesimple	6732eb141b	doc: CVE-2018-3665 (Lazy FP State Restore (LazyFP)), unsupported	2026-04-19 12:49:17 +02:00
Stéphane Lesimple	048ce5b6a2	enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505)	2026-04-18 17:18:42 +02:00
Stéphane Lesimple	48454a5344	fix: remove useless checks under ARM for CVE-2023-28746	2026-04-10 19:50:15 +02:00
Stéphane Lesimple	e67c9e4265	enh: use g_mode to explicitly save/load the current running mode	2026-04-10 19:28:10 +02:00
Stéphane Lesimple	f7ba617e16	enh: guard x86/arm specific checks in kernel/cpu for the proper arch	2026-04-10 19:28:10 +02:00
Stéphane Lesimple	e110706df8	enh: factorize is_arch_kernel	2026-04-10 18:37:14 +02:00
Stéphane Lesimple	de853fc801	chore: fix build workflow	2026-04-08 23:00:40 +02:00
Stéphane Lesimple	98ec067aef	enh: rework json/prom output to better split x86/arm	2026-04-08 22:58:36 +02:00
Stéphane Lesimple	ff42393fa6	new batch mode docs, add doc/ to -build branch	2026-04-08 22:58:36 +02:00
Stéphane Lesimple	f0fb59310e	fix: add a missing pstatus to CVE-2023-20588 check	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	be0f2d20d2	fix: remove misleading explain on correctly mitigated SLS	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	3639de9e8a	chore: fix github workflow check with new --batch output	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	df3c2aeaa3	add screenshot to README	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	945f70bb63	fix: early abort when using --allow-msr-write	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	db84fc10de	chore: make fmt	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	60ea669e41	enh: better explain the 4 run modes	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	f1c0d5548c	chg: remove --no-intel-db, it's now always used when available	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	9e617a4363	remove prometheus-legacy format	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	b9c203120b	enh: --no-runtime and --no-hw modes replacing --live and implicit 'offline' mode	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	3f7e0a11f7	enh: CVE-2018-3640 (Spectre 3a): enhance ARM mitigation detection	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	5c469787ea	enh: rework --batch nrpe entirely	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	a952fe32c4	fix: exit_cleanup: don't lose passed exit code	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	61fa02d577	feat: rework the --batch prometheus output entirely	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	39dea1245e	feat: rework the --batch json output entirely	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	3afbda8430	enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable ... cap_* variable <= cpuinfo flag cap_ibrs <= ibrs cap_ibpb <= ibpb cap_stibp <= stibp cap_ssbd <= ssbd / virt_ssbd cap_l1df <= flush_l1d cap_md_clear <= md_clear cap_arch_capabilities <= arch_capabilities Should fix #288	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	6d69ce9a77	enh: read/write_msr: clearer error messages	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	3ebfba2ac2	fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	a3f6553e65	fix: read/write msr and lockdown: fix a variable error, properly report lockdown to users	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	42ed8efa65	fix: better compatibility under busybox, silence buggy unzlma versions (fix #432)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	2c766b7cc6	fix: wrmsr: specify core number (closes #294)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	49472f1b64	enh: clearer kernel info section at the top of the script	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	333aa74fea	enh: clearer CPU details section	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	8d9504d174	chore: add comment about is_intel/amd/hygon recursion	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	6043f586ef	enh: update IntelDB affected CPU list to 2026-04 data, including Hybrid CPU detection	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	e1ace7c281	doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	24ab98d757	doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	155b3808b9	fix: CPUs affected by MSBDS but not MDS (fix #351)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	b6a41918b0	doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	3c56ac35dd	fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	b0bb1f4676	feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	0fa7e44327	doc: add Blindside to unsupported list (#374)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	f100b4e1dc	doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	6332fc3405	fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	3c61c7489b	fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	3d01978cd4	feat: add CVE-2023-20588 (AMD DIV0 bug) (#473)	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	53c45e3363	doc: update dev guidelines	2026-04-08 22:35:53 +02:00
Stéphane Lesimple	acf8b585a5	doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported	2026-04-08 22:35:53 +02:00