github-actions[bot]
e844f9cff3
feat: hide CVE checks that arebirrelevant for current arch
...
built from commit 7329c1fd2fspeed47_github@speed47.net )
CVE_REGISTRY gains an optional fifth field that tags checks as x86-only or
arm-only, untagged entries apply everywhere. The main CVE dispatcher and the
affectedness summary both skip gated entries in default "all CVEs" runs,
removing the noise of arm64 errata on x86 hosts and of x86 CVEs on ARM hosts
across text, json, nrpe and prometheus outputs. Explicit --cve/--variant/--errata
selection bypasses the gate so manual queries still run anywhere.
The gate honours no-hw mode by ignoring the host CPU and keying off the
inspected kernel's architecture only, which handles cross-arch offline
analysis driven by --kernel/--config/--map.
2026-04-21 06:56:29 +00:00
github-actions[bot]
440424f524
doc: readme: correct markdown indentation for unordered list items ( #569 )
...
built from commit 8a417e5579Buo.Ren.Lin@gmail.com )
Signed-off-by: 林博仁(Buo-ren Lin) <buo.ren.lin@gmail.com >
2026-04-20 16:05:45 +00:00
github-actions[bot]
7eaa794980
enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505)
...
built from commit 048ce5b6a2speed47_github@speed47.net )
2026-04-18 15:20:22 +00:00
github-actions[bot]
a2823830a6
chore: create doc/ in -build branch
...
built from commit 2b1389e5c667a3c10c8e47fca7cb14d81695165c
dated 2026-04-08 21:57:03 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-04-08 20:10:38 +00:00
github-actions[bot]
bceb62f982
feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) ( #437 )
...
built from commit ee28c1107ec2255caeb85cf0c47a2d1b5034e7a5
dated 2026-04-06 11:25:51 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-04-06 09:31:08 +00:00
github-actions[bot]
624aef4a46
feat: add CVE-2023-20588 (AMD DIV0 bug) ( #473 )
...
built from commit b71465ff74speed47_github@speed47.net )
2026-04-06 00:47:00 +00:00
github-actions[bot]
acaf3b684f
doc: update dev guidelines
...
built from commit bbdf54cf7fspeed47_github@speed47.net )
2026-04-05 22:01:40 +00:00
github-actions[bot]
67be7eb116
chore: reorder CVE list in README.md
...
built from commit ad98a15c6578fc58d0f84e9a39ea9671f5ef561a
dated 2026-04-04 16:14:05 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-04-04 14:16:02 +00:00
github-actions[bot]
b4db134e49
feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI)
...
built from commit 6273344e62f9a56dc0dd834d1bd977c5af43a98d
dated 2026-04-04 14:41:09 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-04-04 13:08:23 +00:00
github-actions[bot]
fd7083cb08
doc: CVE-2018-9056 is out of scope ( closes #169 )
...
built from commit 0edb357894speed47_github@speed47.net )
2026-04-02 20:59:55 +00:00
github-actions[bot]
240d6db210
enh: rework VERSION adjust when we're cloned
...
built from commit cb3b9a37faspeed47_github@speed47.net )
2026-04-02 20:35:00 +00:00
github-actions[bot]
15ea90f312
enh: draft rework of CVE-2017-5753 aka spectre v1
...
built from commit 4738e8f0adspeed47_github@speed47.net )
2026-03-31 22:23:17 +00:00
github-actions[bot]
5fd6a20ebb
chore: readme: add a second table one about impact/mitigation, rework sections
...
built from commit c20369d9e3899b03280bf72893956f36844bc969
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-03-31 22:09:49 +00:00
github-actions[bot]
e7df6a3e30
chore: readme: add a second table one about impact/mitigation
...
built from commit 4f16822bb11f5b8461647c228a7f2087d5716aea
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-03-31 22:05:17 +00:00
github-actions[bot]
ba24551c56
chore: readme: add a second table one about impact/mitigation
...
built from commit 25a7e7089a3c14f0b2d1320995b08d9d941d8c51
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-03-31 22:02:37 +00:00
github-actions[bot]
7c2699c01a
chore: readme: add a second table one about impact/mitigation
...
built from commit 3e969c94e04e48f8db9dbb5603371e1180a4d32a
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-03-31 21:53:12 +00:00
github-actions[bot]
6663b6422e
chore: readme: add a second table one about impact/mitigation
...
built from commit b74adb0957c471014dce284b2b6bf8cad85edf38
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-03-31 21:43:28 +00:00
github-actions[bot]
fe55c70658
chore: clearer CVE table in README.md
...
built from commit 9bbefb7bae40c7c240641b3f714691a76976c9c0
dated 2026-03-31 22:57:00 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-03-31 21:01:37 +00:00
github-actions[bot]
4bbbd71564
update dev docs and refactor CVE list in readme
...
built from commit eabddf3d72speed47_github@speed47.net )
2026-03-30 21:39:55 +00:00
github-actions[bot]
c174a8b754
update dev docs and readme
...
built from commit f66cb22a6d4779162909ea1ae1139c80942b1ce8
dated 2026-03-30 23:24:18 +0200
by Stéphane Lesimple (speed47_github@speed47.net )
2026-03-30 21:28:20 +00:00
Stéphane Lesimple
e806e4bc41
chore: docker compose v2
...
The `docker-compose` command has been replaced by `docker compose`.
The "version" tag has also been deprecated in docker-compose.yml.
2024-08-04 13:53:36 +02:00
Stéphane Lesimple
97f4d5f2bc
feat(reptar): add detection and mitigation of Reptar
2024-01-09 15:38:16 +01:00
Sébastien Mériot
3e67047c73
feat(inception): README
2023-08-25 18:50:53 +02:00
Sébastien Mériot
227c0aab1e
feat(downfall): add downfall checks
2023-08-10 11:14:40 +02:00
Stéphane Lesimple
cba5010c2a
chore: fix typo
2023-07-26 13:57:05 +02:00
Stéphane Lesimple
9bb79a18eb
feat: add Zenbleed (CVE-2023-20593) and update fwdb to v270+i20230614
2023-07-25 17:54:59 +02:00
Stéphane Lesimple
a485c7882a
doc: readme: make the FAQ entry more visible
2021-05-25 13:22:54 +02:00
Stéphane Lesimple
226b2375ab
chore: speculative execution -> transient execution
2021-05-25 12:39:51 +02:00
Stéphane Lesimple
052a3e66d1
doc: more FAQ and README
2021-05-25 12:31:30 +02:00
Stéphane Lesimple
a87ace1f98
doc: add an FAQ.md and update the README.md accordingly
2021-05-24 22:27:46 +02:00
Stéphane Lesimple
08e30e156d
chore: readme: framapic is gone, host the screenshots on GitHub
2021-02-22 21:22:11 +01:00
Stéphane Lesimple
14a53b19da
chore: add CVE to the README
2020-06-10 00:07:14 +02:00
Agata Gruza
62d3448a54
Added support for SRBDS related vulnerabilities
2020-06-10 00:07:14 +02:00
Stéphane Lesimple
6e799e8b01
fix: mcepsc: fix logic error on non-speculative CPUs that prevented detection of MCEPSC immunity
2019-11-25 23:03:04 +01:00
Stéphane Lesimple
bd47275501
feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207)
2019-11-25 19:13:09 +01:00
Agata Gruza
d623524342
Added support for TAA related vulnerabilities
2019-11-12 19:40:47 +01:00
Stéphane Lesimple
0bd38ddda0
enh: -v -v now implies --dump-mock-data
2019-05-24 11:36:39 +02:00
Stéphane Lesimple
871443c9db
fix typos in README
2019-05-15 00:28:55 +02:00
Stéphane Lesimple
11790027d3
feat(mds): add alias ZombieLoad for CVE-2018-12130
2019-05-14 21:42:36 +02:00
Stéphane Lesimple
1d13a423b8
adjust README
2019-05-14 20:16:01 +02:00
Agata Gruza
8e870db4f5
Added support for MDS related vulnerabilities ( #282 )
2019-05-14 19:21:20 +02:00
Rob Gill
906f54cf9d
Improved hypervisor detection ( #259 )
...
* Code consistency
``` opt_batch_format="text" ``` replaced by ``` opt_batch_format='text' ```
```nrpe_vuln='"" ``` replaced by ``` nrpe_vuln='' ``` , as used by other parse options
Redundant ``` ! -z ``` replaced by ``` -n ```, as used elsewhere
Signed-off-by: Rob Gill <rrobgill@protonmail.com >
* Improved hypervisor detection
Tests for presence of hypervisor flag in /proc/cpuino
Tests for evidence of hypervisor in dmesg
Signed-off-by: Rob Gill <rrobgill@protonmail.com >
* formatting fix
Signed-off-by: Rob Gill <rrobgill@protonmail.com >
* Set $l1d_mode to -1 in cases where cpu/vulnerabilities/l1tf is not available
(prevents invalid number error when evaluating [ "$l1d_mode" -ge 1 ])
Signed-off-by: Rob Gill <rrobgill@protonmail.com >
* Update Intel Atom 6 cpu names to align with kernel
Update processor names of atom 6 family processors to align with those from kernel as of October 2018.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/include/asm/intel-family.h?id=f2c4db1bd80720cd8cb2a5aa220d9bc9f374f04e
Update list of known immune processors from
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/arch/x86/kernel/cpu/common.c?id=f2c4db1bd80720cd8cb2a5aa220d9bc9f374f04e
* Fix unset $l1d_mode
Another instance of unset l1d_mode causing error "./spectre-meltdown-checker.sh: 3867: [: Illegal number:"
* chore: update readme with brief summary of L1tfs
L1tf mitigation and impact details from
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html and https://blogs.oracle.com/oraclesecurity/intel-l1tf
* typo
2018-12-10 19:33:07 +01:00
Stéphane Lesimple
b44d2b5470
chore: remove 'experimental' notice of Foreshadow from README
2018-09-17 21:48:20 +02:00
Stéphane Lesimple
b2f64e1132
fix README after merge
2018-08-18 12:09:34 +02:00
unrealization
42a3a61f1d
Slightly improved Docker configuration ( #230 )
...
* Listed the required volumes in the Dockerfile.
* Added docker-compose.yml for convenience as users won't need to manually
specify volumes and stuff when running through docker-compose.
Adjusted README.md to reflect this change.
2018-08-18 12:06:16 +02:00
Stéphane Lesimple
e942616189
feat: initial support for L1TF
2018-08-15 12:05:08 +02:00
Jan
9a6406a9a2
chore: add docker support ( #203 )
2018-06-14 20:25:35 +02:00
Stéphane Lesimple
e54e8b3e84
chore: remove warning in README, fix display indentation
2018-05-24 16:32:53 +02:00
Stéphane Lesimple
19be8f79eb
doc: update README with some info about variant3 and variant4
2018-05-22 09:43:29 +02:00
Stéphane Lesimple
6a4318addf
feat(variant3a/4): initial support for 2 new CVEs
2018-05-22 00:06:56 +02:00
