github-actions[bot]
e844f9cff3
feat: hide CVE checks that are irrelevant for current arch
...
built from commit 7329c1fd2f
dated 2026-04-21 08:53:08 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
CVE_REGISTRY gains an optional fifth field that tags checks as x86-only or
arm-only; untagged entries apply everywhere. The main CVE dispatcher and the
affectedness summary both skip gated entries in default "all CVEs" runs,
removing the noise of arm64 errata on x86 hosts and of x86 CVEs on ARM hosts
across text, json, nrpe and prometheus outputs. Explicit --cve/--variant/--errata
selection bypasses the gate so manual queries still run anywhere.
The gate honours no-hw mode by ignoring the host CPU and keying off the
inspected kernel's architecture only, which handles cross-arch offline
analysis driven by --kernel/--config/--map.
2026-04-21 06:56:29 +00:00
github-actions[bot]
5262efbf55
fix: mmio stale data: EOL Intel CPUs may be vulnerable (#437)
...
built from commit 03b1787d69
dated 2026-04-20 22:42:04 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-20 20:44:06 +00:00
github-actions[bot]
440424f524
doc: readme: correct markdown indentation for unordered list items (#569)
...
built from commit 8a417e5579
dated 2026-04-21 00:02:47 +0800
by 林博仁 Buo-ren Lin (Buo.Ren.Lin@gmail.com)
Signed-off-by: 林博仁(Buo-ren Lin) <buo.ren.lin@gmail.com>
2026-04-20 16:05:45 +00:00
github-actions[bot]
b7b0efa773
doc: add Jump Conditional Code (JCC) Erratum to the unsupported list
...
built from commit b7a6182a65
dated 2026-04-20 17:47:50 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-20 15:49:22 +00:00
github-actions[bot]
cf156a2ee5
doc: update output formats doc + normalize json to bool
...
built from commit e2d110a3b5
dated 2026-04-20 12:47:43 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-20 10:56:59 +00:00
github-actions[bot]
4eb0d04808
chore: remove from test branch workflows that must live on master
...
built from commit 1bb33d5cf2
dated 2026-04-20 12:53:36 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-20 10:55:20 +00:00
github-actions[bot]
50845adbfb
doc: CVE-2018-3665 (Lazy FP State Restore (LazyFP)), unsupported
...
built from commit 6732eb141b
dated 2026-04-19 12:49:17 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-19 10:50:48 +00:00
github-actions[bot]
7eaa794980
enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505)
...
built from commit 048ce5b6a2
dated 2026-04-18 10:56:21 +0000
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-18 15:20:22 +00:00
github-actions[bot]
7e5eee74ac
fix: remove useless checks under ARM for CVE-2023-28746
...
built from commit 48454a5344
dated 2026-04-10 19:50:15 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-10 17:51:49 +00:00
github-actions[bot]
9bef6ec533
enh: use g_mode to explicitly save/load the current running mode
...
built from commit e67c9e4265
dated 2026-04-10 19:26:46 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-10 17:29:38 +00:00
github-actions[bot]
f587d9355e
enh: guard x86/arm specific checks in kernel/cpu for the proper arch
...
built from commit c64d4bb481
dated 2026-04-10 18:37:32 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-10 16:40:49 +00:00
github-actions[bot]
83be8fd544
chore: fix build workflow
...
built from commit de853fc801
dated 2026-04-08 23:00:40 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-08 21:02:02 +00:00
Stéphane Lesimple
9383287fc6
chore: delete FAQ.md from ./ in test-build (moved to doc/ in test)
2026-04-08 20:18:32 +00:00
github-actions[bot]
a2823830a6
chore: create doc/ in -build branch
...
built from commit 2b1389e5c667a3c10c8e47fca7cb14d81695165c
dated 2026-04-08 21:57:03 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-08 20:10:38 +00:00
github-actions[bot]
6212de226a
enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable
...
built from commit 954eb13468
dated 2026-04-06 18:58:36 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
cap_* variable <= cpuinfo flag
cap_ibrs <= ibrs
cap_ibpb <= ibpb
cap_stibp <= stibp
cap_ssbd <= ssbd / virt_ssbd
cap_l1df <= flush_l1d
cap_md_clear <= md_clear
cap_arch_capabilities <= arch_capabilities
Should fix #288
2026-04-06 17:00:15 +00:00
github-actions[bot]
f8873048fc
enh: read/write_msr: clearer error messages
...
built from commit be91749d3a
dated 2026-04-06 18:43:36 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 16:44:52 +00:00
github-actions[bot]
463e33d61c
fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235)
...
built from commit d040c0ffc3
dated 2026-04-06 17:40:59 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 15:42:13 +00:00
github-actions[bot]
4d1af90420
fix: better compatibility under busybox, silence buggy unlzma versions (fix #432)
...
built from commit fc34cb729b
dated 2026-04-06 17:12:21 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 15:14:01 +00:00
github-actions[bot]
e8a3c7d7f5
fix: wrmsr: specify core number (closes #294)
...
built from commit fe5bf7c003
dated 2026-04-06 17:01:17 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 15:02:33 +00:00
github-actions[bot]
8ae598802c
enh: clearer kernel info section at the top of the script
...
built from commit ac09be87b5
dated 2026-04-06 15:00:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 13:01:21 +00:00
github-actions[bot]
48a4c0e49c
chore: add comment about is_intel/amd/hygon recursion
...
built from commit 730dd50024
dated 2026-04-06 13:46:11 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 12:06:52 +00:00
github-actions[bot]
1557bbee42
doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384)
...
built from commit fe133e97e0205c7643d8648d0fbb19c67c65636a
dated 2026-04-06 13:26:38 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 11:27:56 +00:00
github-actions[bot]
4530f39fae
doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409)
...
built from commit 7b36ca50b860666a5ec605992b3ffe2308199290
dated 2026-04-06 13:07:20 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 11:08:28 +00:00
github-actions[bot]
d247733496
fix: CPUs affected by MSBDS but not MDS (fix #351)
...
built from commit 716caae53f8ee8a6276a8fa0b9327b3ee3f4a3e0
dated 2026-04-06 12:58:03 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 10:59:40 +00:00
github-actions[bot]
fc66ee567a
doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list
...
built from commit 00386b80f6d0ef82def918e4cef1b5193c57966a
dated 2026-04-06 12:38:57 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 10:40:10 +00:00
github-actions[bot]
072b98cefd
fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296)
...
built from commit c3b8c59a8c08a321fec1a6f30739c301ef6e6062
dated 2026-04-06 12:29:26 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 10:30:36 +00:00
github-actions[bot]
bceb62f982
feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437)
...
built from commit ee28c1107ec2255caeb85cf0c47a2d1b5034e7a5
dated 2026-04-06 11:25:51 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 09:31:08 +00:00
github-actions[bot]
aacdd35c57
doc: add Blindside to unsupported list (#374)
...
built from commit 02ffdc7a405e1c5b59a64dc8891db8fde46cf824
dated 2026-04-06 10:27:17 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 08:28:38 +00:00
github-actions[bot]
c0a389b086
doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported
...
built from commit ef57f070db
dated 2026-04-06 03:33:32 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 01:34:41 +00:00
github-actions[bot]
726f9e54f5
fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414)
...
built from commit 0caabfc220
dated 2026-04-06 03:23:56 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 01:25:09 +00:00
github-actions[bot]
11210ab772
fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD
...
built from commit 6106dce8d8
dated 2026-04-06 03:09:18 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 01:10:32 +00:00
github-actions[bot]
624aef4a46
feat: add CVE-2023-20588 (AMD DIV0 bug) (#473)
...
built from commit b71465ff74
dated 2026-04-06 02:40:09 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 00:47:00 +00:00
github-actions[bot]
b6a7ee2345
doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported
...
built from commit 2cfb4f5d20019825c1865af9868047877537c840
dated 2026-04-06 02:23:52 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-06 00:25:24 +00:00
github-actions[bot]
5698711b3d
fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492)
...
built from commit 41251d8e51ec7fcff6025bf772ae8b6778d0c641
dated 2026-04-06 00:58:49 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-05 23:00:02 +00:00
github-actions[bot]
e0f9aeab81
enh: detect IBPB return predictor bypass in Inception/SRSO ("PB-Inception") (#500)
...
built from commit 766441a1c730d15aa135ebe2be414d9b00ee11f8
dated 2026-04-06 00:45:09 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing
cross-process Spectre attacks even with IBPB-on-entry active. The kernel
fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs.
Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret
bug flag, and flag systems relying on IBPB without the RSB fill fix.
2026-04-05 22:47:43 +00:00
github-actions[bot]
2f550ba8cd
fix: don't default to 0x0 ucode when unknown
...
built from commit 9775d4762d97da696022ecb4dc3ef83f85318667
dated 2026-04-06 00:38:55 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-05 22:40:17 +00:00
github-actions[bot]
3f60773ec4
enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503)
...
built from commit f5c42098c3
dated 2026-04-06 00:17:32 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-05 22:18:42 +00:00
github-actions[bot]
acaf3b684f
doc: update dev guidelines
...
built from commit bbdf54cf7f
dated 2026-04-05 23:58:14 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-05 22:01:40 +00:00
github-actions[bot]
0ec51090ae
fix: add rebleet to --variant
...
built from commit 75d053a0f1
dated 2026-04-04 18:17:35 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 16:22:49 +00:00
github-actions[bot]
e9cb988409
fix: add rebleet to --variant
...
built from commit 1b3ef84bcf68508148673e878221b9c35a463d1f
dated 2026-04-04 18:17:35 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 16:21:37 +00:00
github-actions[bot]
c147f3f7d4
retbl
...
built from commit 8e50dabb2d6d2e9299679c6ffcc8c69aa4756f7a
dated 2026-04-04 18:17:35 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 16:19:20 +00:00
github-actions[bot]
065f19e313
enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI)
...
built from commit da7b9bd282
dated 2026-04-04 17:50:04 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 15:51:28 +00:00
github-actions[bot]
1214e63687
chore: reorder CVE list in README.md
...
built from commit 5a29f5837c
dated 2026-04-04 16:14:05 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 14:33:25 +00:00
github-actions[bot]
67be7eb116
chore: reorder CVE list in README.md
...
built from commit ad98a15c6578fc58d0f84e9a39ea9671f5ef561a
dated 2026-04-04 16:14:05 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 14:16:02 +00:00
github-actions[bot]
b4db134e49
feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI)
...
built from commit 6273344e62f9a56dc0dd834d1bd977c5af43a98d
dated 2026-04-04 14:41:09 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 13:08:23 +00:00
github-actions[bot]
d7cd9e8b6b
add a generated version of src/libs/003_intel_models.sh
...
built from commit 533943ed644da77239cb5dbaddd1c7cd7f977388
dated 2026-04-04 14:20:18 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 12:24:10 +00:00
github-actions[bot]
a4c3900ef0
add a generated version of src/libs/003_intel_models.sh
...
built from commit a7e80c1d57b82f9971d0114cf67aa2fc7875ec76
dated 2026-04-04 14:20:18 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-04 12:21:51 +00:00
github-actions[bot]
1d00acbc9a
chore: don't include src/ generated files in build
...
built from commit a77cf8264f
dated 2026-04-02 23:49:40 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:56:42 +00:00
github-actions[bot]
90a8a3057c
chore: don't include src/ generated files in build
...
built from commit b7dc3efcd99cb66193db2729046bde4915dd026c
dated 2026-04-02 23:49:40 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:54:17 +00:00
github-actions[bot]
40b7ae9098
chore: don't include src/ generated files in build
...
built from commit 35fd7603425d409d76ea4071ec3be5c38dbb1967
dated 2026-04-02 23:49:40 +0200
by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-02 21:50:52 +00:00