peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2025-10-31 20:50:55 +01:00
Code Issues Projects Releases Wiki Activity
492 Commits 2 Branches 46 Tags
f49c6a3b0799df502b867f584796e3a10df3967b
Commit Graph

492 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stéphane Lesimple
f49c6a3b07 doc: add an FAQ entry about CVE support 2021-05-25 13:15:58 +02:00
Stéphane Lesimple
226b2375ab chore: speculative execution -> transient execution 2021-05-25 12:39:51 +02:00
Stéphane Lesimple
052a3e66d1 doc: more FAQ and README 2021-05-25 12:31:30 +02:00
Stéphane Lesimple
05d862709d fix: has_vmm false positive with pcp 
Fix by matching the full procname with pgrep (-x),
so that the 'pmdakvm' process doesn't match.

Closes #394
 2021-05-25 12:31:07 +02:00
Stéphane Lesimple
3846913899 fix: refuse to run under MacOS and ESXi 2021-05-24 22:42:23 +02:00
Stéphane Lesimple
a87ace1f98 doc: add an FAQ.md and update the README.md accordingly 2021-05-24 22:27:46 +02:00
Stéphane Lesimple
0ba71a443e fix: mcedb: v191 changed the MCE table format 
Also update the builtin db to v191+i20210217

Closes #400
 2021-05-24 12:55:44 +02:00
Stéphane Lesimple
3a486e9985 arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig 2021-04-02 15:38:31 +02:00
Stéphane Lesimple
23564cda5d fix: variant4: added case where prctl ssbd status is tagged as 'unknown' 2021-04-02 15:38:31 +02:00
Stéphane Lesimple
0ea21d09bd fix: extract_kernel: don't overwrite kernel_err if already set 
Fixes #395
 2021-04-02 15:33:02 +02:00
Stéphane Lesimple
08e30e156d chore: readme: framapic is gone, host the screenshots on GitHub 2021-02-22 21:22:11 +01:00
Zhiyuan Dai
6d35e780f4 arm64: phytium: Add CPU Implementer Phytium 
This patch adds 0x70 check for phytium implementer id in function
parse_cpu_details. Also adds that Phytium Soc is not vulnerable to variant 3/3a
 2021-01-13 19:14:09 +01:00
Stéphane Lesimple
4ec3154be0 chore: replace 'Vulnerable to' by 'Affected by' in the hw section 
This seems to be less confusing, suggested by #356
 2020-11-10 18:56:25 +01:00
Stéphane Lesimple
843f26630d feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371) 2020-11-10 18:36:42 +01:00
Stéphane Lesimple
7fc2ec65b9 bump to v0.44 v0.44 2020-11-09 18:41:43 +01:00
Stéphane Lesimple
c8cdfd54da chore: fwdb: update to v165.20201021+i20200616 2020-11-08 21:25:18 +01:00
Stéphane Lesimple
f0c33c7a32 fix: fwdb: use the commit date as the intel fwdb version 
fixes #379
 2020-11-08 21:25:18 +01:00
Stéphane Lesimple
9e874397da chore: fwdb: update to v163.20200930+i20200904 2020-10-05 20:06:49 +02:00
Stéphane Lesimple
76cb73f3cb fix: fwdb: update Intel's repository URL 2020-10-05 20:06:49 +02:00
Stéphane Lesimple
90f23d286e chore: update fwdb to v160.20200912+i20200722 2020-09-14 21:45:09 +02:00
Stéphane Lesimple
e41e311a7f feat: add zstd kernel decompression (#370) 2020-09-14 21:42:55 +02:00
Stéphane Lesimple
1f75f01630 fwdb: update MCEdb to v148 & Intel firmwares to 2020-04-27 2020-06-13 18:11:12 +02:00
Stéphane Lesimple
14a53b19da chore: add CVE to the README 2020-06-10 00:07:14 +02:00
Stéphane Lesimple
d8f0ddd7a5 chore: fix indentation 2020-06-10 00:07:14 +02:00
Agata Gruza
62d3448a54 Added support for SRBDS related vulnerabilities 2020-06-10 00:07:14 +02:00
Stéphane Lesimple
cb6d139629 chore: tests: now expect 15 CVEs instead of 14 (fix) 2020-06-09 22:56:25 +02:00
Stéphane Lesimple
7e2db09ed9 chore: tests: now expect 15 CVEs instead of 14 2020-06-09 22:51:50 +02:00
Stéphane Lesimple
33cf1cde79 enh: arm: add experimental support for binary arm images 2020-06-06 17:29:32 +02:00
Stéphane Lesimple
4a3006e196 fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro 2020-06-06 17:29:32 +02:00
Stéphane Lesimple
36f98eff95 fwdb: update MCEdb to v147 & Intel firmwares to 2020-04-27 2020-05-31 13:03:58 +02:00
xaitax
fa7b8f9567 Typo 2020-05-08 16:17:09 +02:00
Stéphane Lesimple
3beefc2587 enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode 2020-03-10 22:29:54 +01:00
Stéphane Lesimple
27c36fdb80 fwdb: update to v135.20200303+i20200205 2020-03-10 22:29:39 +01:00
Matt Christian
3d21dae168 Fixes for FreeBSD to parse CPU info. 2020-02-06 19:56:35 +01:00
Stéphane Lesimple
7d2a510146 chore: update fwdb to v132.20200108+i20191124 2020-02-01 18:58:25 +01:00
Stéphane Lesimple
a1a35c9b35 chore: github: add check run on pull requests 2020-01-10 13:19:36 +01:00
Stéphane Lesimple
eec77e1ab9 fix: fwdb update: remove Intel extract tempdir on exit 2019-12-10 20:21:52 +01:00
Stéphane Lesimple
5633d374de fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) 2019-12-10 19:10:45 +01:00
Stéphane Lesimple
a343bccb49 bump to v0.43 v0.43 2019-12-08 15:37:17 +01:00
Stéphane Lesimple
1f604c119b fix var typo 2019-12-08 15:25:54 +01:00
Stéphane Lesimple
bfed3187a6 fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a 2019-12-08 14:39:31 +01:00
Stéphane Lesimple
0cd7e1164f feat: detect vanilla 5.4+ locked down mode 2019-12-06 23:03:36 +01:00
Stéphane Lesimple
71129d6b48 fix: tsx: rtm feature bit is in EBX(11) 2019-12-02 19:07:10 +01:00
Stéphane Lesimple
6e799e8b01 fix: mcepsc: fix logic error on non-speculative CPUs that prevented detection of MCEPSC immunity 2019-11-25 23:03:04 +01:00
Stéphane Lesimple
4993b04922 fix: taa: CPUs having TAA_NO bit set are not vulnerable 2019-11-25 21:14:54 +01:00
Stéphane Lesimple
4fc2afe1bc feat: add TSX_CTRL MSR detection in hardware info 2019-11-25 20:58:49 +01:00
Stéphane Lesimple
bd47275501 feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207) 2019-11-25 19:13:09 +01:00
Stéphane Lesimple
8ddf6b2d6d enh: replace shell wildcard by a find to avoid potiental error (list of args too long) 2019-11-24 17:26:13 +01:00
Stéphane Lesimple
16b6490ffc chore: avoid ${var:-]} syntax, badly confusing vim's syntax highlighter 2019-11-24 17:26:13 +01:00
Stéphane Lesimple
18df38fae6 fix: sgx: on locked down kernels, fallback to CPUID bit for detection 
on locked down kernels (Fedora / Red Hat feature that prevents writing
to MSRs from userspace, even if root), we can't write to FLUSH_CMD MSR
to verify that it's present. So fallback to checking the existence of
the L1D flush CPUID feature bit to infer that the microcode has been
updated in a recent enough version that also mitigates SGX (fixes for
both issues have been included in the same microcode updates for all
Intel CPUs)
 2019-11-24 17:26:01 +01:00