fix: microcode check now supports pf_mask (fixes #482 )

feat(reptar): add detection and mitigation of Reptar
2024-01-09 17:05:18 +01:00 · 2024-01-09 15:38:16 +01:00
3 changed files with 986 additions and 740 deletions
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@ -24,7 +24,7 @@ jobs:
        fi
    - name: check direct execution
      run: |
-        expected=18
+        expected=19
        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
@ -34,7 +34,7 @@ jobs:
        fi
    - name: check docker-compose run execution
      run: |
-        expected=18
+        expected=19
        docker-compose build
        nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
@ -45,7 +45,7 @@ jobs:
        fi
    - name: check docker run execution
      run: |
-        expected=18
+        expected=19
        docker build -t spectre-meltdown-checker .
        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
--- a/README.md
+++ b/README.md
@ -23,6 +23,7 @@ CVE
 [CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling                                | GDS, Downfall
 [CVE-2023-20569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569) | Return Address Security                             | Inception, RAS, SRSO
 [CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak                      | Zenbleed
+[CVE-2023-23583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583) | Redundant Prefix issue                              | Reptar

 Supported operating systems:
 - Linux (all versions, flavors and distros)
@ -199,3 +200,9 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
   - Impact: Kernel & all software
   - Mitigation: either kernel mitigation by disabling a CPU optimization through an MSR bit, or CPU microcode mitigation
   - Performance impact of the mitigation: TBD
+
+**CVE-2023-23583** Redundant Prefix issue (Reptar)
+
+   - Impact: All software
+   - Mitigation: microcode update for the affected CPU
+   - Performance impact of the mitigation: low
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
Author	SHA1	Message	Date
Stephane Lesimple	8ac2539a2a	fix: microcode check now supports pf_mask (fixes #482 )	2024-01-09 17:05:18 +01:00
Stéphane Lesimple	97f4d5f2bc	feat(reptar): add detection and mitigation of Reptar	2024-01-09 15:38:16 +01:00