peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2025-07-19 17:21:23 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: peter:a2843575be969aaedfb955285c23874aa18cd599
Branches Tags
peter:master
peter:v0.46 peter:v0.45 peter:v0.44 peter:v0.43 peter:v0.42 peter:v0.41 peter:v0.40 peter:v0.39 peter:v0.38 peter:v0.37 peter:v0.36 peter:v0.35 peter:v0.34 peter:v0.33 peter:v0.32 peter:v0.31 peter:v0.30 peter:v0.29 peter:v0.28 peter:v0.27 peter:v0.26 peter:v0.25 peter:v0.24 peter:v0.23 peter:v0.22 peter:v0.21 peter:v0.20 peter:v0.19 peter:v0.18 peter:v0.17 peter:v0.16 peter:v0.15 peter:v0.14 peter:v0.13 peter:v0.12 peter:v0.11 peter:v0.10 peter:v0.09 peter:v0.08 peter:v0.07 peter:v0.06 peter:v0.05 peter:v0.04 peter:v0.03 peter:v0.02 peter:v0.01
..
compare: peter:v0.46
Branches Tags
peter:master
peter:v0.46 peter:v0.45 peter:v0.44 peter:v0.43 peter:v0.42 peter:v0.41 peter:v0.40 peter:v0.39 peter:v0.38 peter:v0.37 peter:v0.36 peter:v0.35 peter:v0.34 peter:v0.33 peter:v0.32 peter:v0.31 peter:v0.30 peter:v0.29 peter:v0.28 peter:v0.27 peter:v0.26 peter:v0.25 peter:v0.24 peter:v0.23 peter:v0.22 peter:v0.21 peter:v0.20 peter:v0.19 peter:v0.18 peter:v0.17 peter:v0.16 peter:v0.15 peter:v0.14 peter:v0.13 peter:v0.12 peter:v0.11 peter:v0.10 peter:v0.09 peter:v0.08 peter:v0.07 peter:v0.06 peter:v0.05 peter:v0.04 peter:v0.03 peter:v0.02 peter:v0.01

13 Commits
a2843575be ... v0.46

Author SHA1 Message Date
Stéphane Lesimple
b8f8c81d51 release v0.46 2023-07-26 18:07:02 +02:00
Stéphane Lesimple
f34dd5fa7b enh: assume CPU is immune to Zenbleed regardless of vendor except AMD 
This contradicts our usual "if we don't know, consider vulnerable" motto,
but as this vuln is extremely specific (which is not the case for the Spectre
range of vulnerabilities, for example), this is the correct approach here.
 2023-07-26 17:54:44 +02:00
Stéphane Lesimple
c0869d7341 enh: zenbleed: give a manual mitigation in --explain 2023-07-26 16:38:02 +02:00
Stéphane Lesimple
e99a548dcc fix: fms2cpuid was incorrect for families > 0xF 2023-07-26 14:33:11 +02:00
Stéphane Lesimple
3d475dfaec feat: fwdb: add linux-firmware as AMD source, update fwdb accordingly 2023-07-26 13:57:05 +02:00
Stéphane Lesimple
cba5010c2a chore: fix typo 2023-07-26 13:57:05 +02:00
Stéphane Lesimple
c5661f098f enh: add --explain text for Zenbleed 2023-07-26 10:56:45 +02:00
Stéphane Lesimple
6844c01242 enh: add zenbleed support to the --variant option 2023-07-26 10:46:38 +02:00
ShadowCurse
0811f28ac6 fix: arm is not affected by zenbleed 2023-07-25 19:59:59 +02:00
Stéphane Lesimple
9bb79a18eb feat: add Zenbleed (CVE-2023-20593) and update fwdb to v270+i20230614 2023-07-25 17:54:59 +02:00
George Cherian
0d93c6ffb4 feat: arm: add Neoverse-N2 and Neoverse-V2 
Signed-off-by: George Cherian <george.cherian@marvell.com>
 2023-06-18 12:19:02 +02:00
Stéphane Lesimple
6a61df200e update: fwdb to v266+i20230512 2023-05-13 10:27:03 +02:00
ShadowCurse
e4b313fe79 feat: arm: add Neoverse-V1 2023-04-22 11:17:06 +02:00
3 changed files with 423 additions and 85 deletions
Expand all files Collapse all files

6
.github/workflows/check.yml vendored
View File

@ -24,7 +24,7 @@ jobs:
fi fi
- name: check direct execution - name: check direct execution
run: | run: |
expected=15 expected=16
nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l) nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then if [ "$nb" -ne "$expected" ]; then
echo "Invalid number of CVEs reported: $nb instead of $expected" echo "Invalid number of CVEs reported: $nb instead of $expected"
@ -34,7 +34,7 @@ jobs:
fi fi
- name: check docker-compose run execution - name: check docker-compose run execution
run: | run: |
expected=15 expected=16
docker-compose build docker-compose build
nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then if [ "$nb" -ne "$expected" ]; then
@ -45,7 +45,7 @@ jobs:
fi fi
- name: check docker run execution - name: check docker run execution
run: | run: |
expected=15 expected=16
docker build -t spectre-meltdown-checker . docker build -t spectre-meltdown-checker .
nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then if [ "$nb" -ne "$expected" ]; then

9
README.md
View File

@ -18,8 +18,9 @@ CVE
[CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127) | Microarchitectural Load Port Data Sampling | MLPDS, RIDL [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127) | Microarchitectural Load Port Data Sampling | MLPDS, RIDL
[CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091) | Microarchitectural Data Sampling Uncacheable Memory | MDSUM, RIDL [CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091) | Microarchitectural Data Sampling Uncacheable Memory | MDSUM, RIDL
[CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX asynchronous abort | TAA, ZombieLoad V2 [CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX asynchronous abort | TAA, ZombieLoad V2
[CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207) | Machine Mheck Exception on Page Size Changes | MCEPSC, No eXcuses, iTLB Multihit [CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207) | Machine Check Exception on Page Size Changes | MCEPSC, No eXcuses, iTLB Multihit
[CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543) | Special Register Buffer Data Sampling | SRBDS [CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543) | Special Register Buffer Data Sampling | SRBDS
[CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak | Zenbleed
Supported operating systems: Supported operating systems:
- Linux (all versions, flavors and distros) - Linux (all versions, flavors and distros)
@ -178,3 +179,9 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
- Impact: Kernel - Impact: Kernel
- Mitigation: microcode update + kernel update helping to protect various CPU internal buffers from unprivileged speculative access to data - Mitigation: microcode update + kernel update helping to protect various CPU internal buffers from unprivileged speculative access to data
- Performance impact of the mitigation: low - Performance impact of the mitigation: low
**CVE-2023-20593** Cross-Process Information Leak (Zenbleed)
- Impact: Kernel & all software
- Mitigation: either kernel mitigation by disabling a CPU optimization through an MSR bit, or CPU microcode mitigation
- Performance impact of the mitigation: TBD

493
spectre-meltdown-checker.sh
View File

@ -12,7 +12,7 @@
# #
# Stephane Lesimple # Stephane Lesimple
# #
VERSION='0.45' VERSION='0.46'
trap 'exit_cleanup' EXIT trap 'exit_cleanup' EXIT
trap '_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT trap '_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT
@ -25,6 +25,7 @@ exit_cleanup()
[ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2" [ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2"
[ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp" [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp"
[ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp" [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp"
[ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp"
[ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null [ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null
[ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null [ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null
[ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null [ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null
@ -86,10 +87,11 @@ show_usage()
--batch nrpe produce machine readable output formatted for NRPE --batch nrpe produce machine readable output formatted for NRPE
--batch prometheus produce output for consumption by prometheus-node-exporter --batch prometheus produce output for consumption by prometheus-node-exporter
--variant VARIANT specify which variant you'd like to check, by default all variants are checked --variant VARIANT specify which variant you'd like to check, by default all variants are checked.
VARIANT can be one of 1, 2, 3, 3a, 4, l1tf, msbds, mfbds, mlpds, mdsum, taa, mcepsc, srbds can be used multiple times (e.g. --variant 3a --variant l1tf)
can be specified multiple times (e.g. --variant 2 --variant 3) for a list of supported VARIANT parameters, use --variant help
--cve [cve1,cve2,...] specify which CVE you'd like to check, by default all supported CVEs are checked --cve CVE specify which CVE you'd like to check, by default all supported CVEs are checked
can be used multiple times (e.g. --cve CVE-2017-5753 --cve CVE-2020-0543)
--hw-only only check for CPU information, don't check for any variant --hw-only only check for CPU information, don't check for any variant
--no-hw skip CPU information and checks, if you're inspecting a kernel not to be run on this host --no-hw skip CPU information and checks, if you're inspecting a kernel not to be run on this host
--vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto
@ -170,7 +172,7 @@ global_critical=0
global_unknown=0 global_unknown=0
nrpe_vuln='' nrpe_vuln=''
supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543' supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543 CVE-2023-20593'
# find a sane command to print colored messages, we prefer `printf` over `echo` # find a sane command to print colored messages, we prefer `printf` over `echo`
# because `printf` behavior is more standard across Linux/BSD # because `printf` behavior is more standard across Linux/BSD
@ -295,6 +297,7 @@ cve2name()
CVE-2019-11135) echo "ZombieLoad V2, TSX Asynchronous Abort (TAA)";; CVE-2019-11135) echo "ZombieLoad V2, TSX Asynchronous Abort (TAA)";;
CVE-2018-12207) echo "No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)";; CVE-2018-12207) echo "No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)";;
CVE-2020-0543) echo "Special Register Buffer Data Sampling (SRBDS)";; CVE-2020-0543) echo "Special Register Buffer Data Sampling (SRBDS)";;
CVE-2023-20593) echo "Zenbleed, cross-process information leak";;
*) echo "$0: error: invalid CVE '$1' passed to cve2name()" >&2; exit 255;; *) echo "$0: error: invalid CVE '$1' passed to cve2name()" >&2; exit 255;;
esac esac
} }
@ -319,6 +322,7 @@ _is_cpu_affected_cached()
CVE-2019-11135) return $variant_taa;; CVE-2019-11135) return $variant_taa;;
CVE-2018-12207) return $variant_itlbmh;; CVE-2018-12207) return $variant_itlbmh;;
CVE-2020-0543) return $variant_srbds;; CVE-2020-0543) return $variant_srbds;;
CVE-2023-20593) return $variant_zenbleed;;
*) echo "$0: error: invalid variant '$1' passed to is_cpu_affected()" >&2; exit 255;; *) echo "$0: error: invalid variant '$1' passed to is_cpu_affected()" >&2; exit 255;;
esac esac
} }
@ -348,6 +352,8 @@ is_cpu_affected()
variant_taa='' variant_taa=''
variant_itlbmh='' variant_itlbmh=''
variant_srbds='' variant_srbds=''
# Zenbleed if extremely AMD specific, look for "is_and" below:
variant_zenbleed=immune
if is_cpu_mds_free; then if is_cpu_mds_free; then
[ -z "$variant_msbds" ] && variant_msbds=immune [ -z "$variant_msbds" ] && variant_msbds=immune
@ -469,6 +475,11 @@ is_cpu_affected()
_debug "is_cpu_affected: cpu not affected by speculative store bypass so not vuln to variant4" _debug "is_cpu_affected: cpu not affected by speculative store bypass so not vuln to variant4"
fi fi
variantl1tf=immune variantl1tf=immune
# Zenbleed
amd_legacy_erratum "$(amd_model_range 0x17 0x30 0x0 0x4f 0xf)" && variant_zenbleed=vuln
amd_legacy_erratum "$(amd_model_range 0x17 0x60 0x0 0x7f 0xf)" && variant_zenbleed=vuln
amd_legacy_erratum "$(amd_model_range 0x17 0xa0 0x0 0xaf 0xf)" && variant_zenbleed=vuln
elif [ "$cpu_vendor" = CAVIUM ]; then elif [ "$cpu_vendor" = CAVIUM ]; then
variant3=immune variant3=immune
variant3a=immune variant3a=immune
@ -495,9 +506,9 @@ is_cpu_affected()
if [ -n "$cpupart" ] && [ -n "$cpuarch" ]; then if [ -n "$cpupart" ] && [ -n "$cpuarch" ]; then
# Cortex-R7 and Cortex-R8 are real-time and only used in medical devices or such # Cortex-R7 and Cortex-R8 are real-time and only used in medical devices or such
# I can't find their CPU part number, but it's probably not that useful anyway # I can't find their CPU part number, but it's probably not that useful anyway
# model R7 R8 A8 A9 A12 A15 A17 A57 A72 A73 A75 A76 Neoverse-N1 A77 # model R7 R8 A8 A9 A12 A15 A17 A57 A72 A73 A75 A76 A77 Neoverse-N1 Neoverse-V1 Neoverse-N1 Neoverse-V2
# part ? ? c08 c09 c0d c0f c0e d07 d08 d09 d0a d0b d0c d0d # part ? ? c08 c09 c0d c0f c0e d07 d08 d09 d0a d0b d0d d0c d40 d49 d4f
# arch 7? 7? 7 7 7 7 7 8 8 8 8 8 8 8 # arch 7? 7? 7 7 7 7 7 8 8 8 8 8 8 8 8 8 8
# #
# Whitelist identified non-affected processors, use vulnerability information from # Whitelist identified non-affected processors, use vulnerability information from
# https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability # https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
@ -548,6 +559,13 @@ is_cpu_affected()
[ -z "$variant3a" ] && variant3a=immune [ -z "$variant3a" ] && variant3a=immune
variant4=vuln variant4=vuln
_debug "checking cpu$i: armv8 A76/A77/NeoverseN1 non affected to variant 2, 3 & 3a" _debug "checking cpu$i: armv8 A76/A77/NeoverseN1 non affected to variant 2, 3 & 3a"
elif [ "$cpuarch" = 8 ] && echo "$cpupart" | grep -q -w -e 0xd40 -e 0xd49 -e 0xd4f; then
variant1=vuln
[ -z "$variant2" ] && variant2=immune
[ -z "$variant3" ] && variant3=immune
[ -z "$variant3a" ] && variant3a=immune
[ -z "$variant4" ] && variant4=immune
_debug "checking cpu$i: armv8 NeoverseN2/V1/V2 non affected to variant 2, 3, 3a & 4"
elif [ "$cpuarch" -le 7 ] || { [ "$cpuarch" = 8 ] && [ $(( cpupart )) -lt $(( 0xd07 )) ]; } ; then elif [ "$cpuarch" -le 7 ] || { [ "$cpuarch" = 8 ] && [ $(( cpupart )) -lt $(( 0xd07 )) ]; } ; then
[ -z "$variant1" ] && variant1=immune [ -z "$variant1" ] && variant1=immune
[ -z "$variant2" ] && variant2=immune [ -z "$variant2" ] && variant2=immune
@ -617,6 +635,7 @@ is_cpu_affected()
[ "$variant_taa" = "immune" ] && variant_taa=1 || variant_taa=0 [ "$variant_taa" = "immune" ] && variant_taa=1 || variant_taa=0
[ "$variant_itlbmh" = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0 [ "$variant_itlbmh" = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0
[ "$variant_srbds" = "immune" ] && variant_srbds=1 || variant_srbds=0 [ "$variant_srbds" = "immune" ] && variant_srbds=1 || variant_srbds=0
[ "$variant_zenbleed" = "immune" ] && variant_zenbleed=1 || variant_zenbleed=0
variantl1tf_sgx="$variantl1tf" variantl1tf_sgx="$variantl1tf"
# even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow # even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow
[ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1 [ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1
@ -839,6 +858,29 @@ show_header()
_info _info
} }
# Family-Model-Stepping to CPUID
# prints CPUID in base-10 to stdout
fms2cpuid()
{
_family="$1"
_model="$2"
_stepping="$3"
if [ "$(( _family ))" -le 15 ]; then
_extfamily=0
_lowfamily=$(( _family ))
else
# when we have a family > 0xF, then lowfamily is stuck at 0xF
# and extfamily is ADDED to it (as in "+"), to ensure old software
# never sees a lowfamily < 0xF for newer families
_lowfamily=15
_extfamily=$(( (_family) - 15 ))
fi
_extmodel=$(( (_model & 0xF0 ) >> 4 ))
_lowmodel=$(( (_model & 0x0F ) >> 0 ))
echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) ))
}
[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)" [ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
mcedb_cache="$HOME/.mcedb" mcedb_cache="$HOME/.mcedb"
update_fwdb() update_fwdb()
@ -904,7 +946,9 @@ update_fwdb()
return 1 return 1
fi fi
sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT" sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT"
sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT"
sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'" sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'"
sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'"
echo OK "MCExtractor database revision $mcedb_revision" echo OK "MCExtractor database revision $mcedb_revision"
@ -955,6 +999,48 @@ update_fwdb()
fi fi
echo DONE "(version $_intel_latest_date)" echo DONE "(version $_intel_latest_date)"
# now parse the most recent linux-firmware amd-ucode README file
_info_nol "Fetching latest amd-ucode README from linux-firmware project... "
linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README"
linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX)
if command -v wget >/dev/null 2>&1; then
wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$?
elif command -v curl >/dev/null 2>&1; then
curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
elif command -v fetch >/dev/null 2>&1; then
fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
else
echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
return 1
fi
if [ "$ret" != 0 ]; then
echo ERROR "error $ret while downloading linux-firmware README"
return $ret
fi
echo DONE
_info_nol "Parsing the README... "
nbfound=0
for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do
_debug "Parsing line $line"
_family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2)
_model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2)
_stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2)
_version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2)
_version=$(printf "0x%08X" "$(( _version ))")
_cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping")
_cpuid=$(printf "0x%08X" "$_cpuid")
_date="20000101"
_sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
_debug "family $_family model $_model stepping $_stepping cpuid $_cpuid"
_debug "$_sqlstm"
sqlite3 "$mcedb_tmp" "$_sqlstm"
nbfound=$((nbfound + 1))
unset _family _model _stepping _version _cpuid _date _sqlstm
done
echo "found $nbfound microcodes"
unset nbfound
dbversion="$mcedb_revision+i$_intel_latest_date" dbversion="$mcedb_revision+i$_intel_latest_date"
if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
@ -1131,25 +1217,29 @@ while [ -n "${1:-}" ]; do
shift 2 shift 2
elif [ "$1" = "--variant" ]; then elif [ "$1" = "--variant" ]; then
if [ -z "$2" ]; then if [ -z "$2" ]; then
echo "$0: error: option --variant expects a parameter (1, 2, 3, 3a, 4 or l1tf)" >&2 echo "$0: error: option --variant expects a parameter (see --variant help)" >&2
exit 255 exit 255
fi fi
case "$2" in case "$2" in
1) opt_cve_list="$opt_cve_list CVE-2017-5753"; opt_cve_all=0;; help) echo "The following parameters are supported for --variant (can be used multiple times):";
2) opt_cve_list="$opt_cve_list CVE-2017-5715"; opt_cve_all=0;; echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed";
3) opt_cve_list="$opt_cve_list CVE-2017-5754"; opt_cve_all=0;; exit 0;;
3a) opt_cve_list="$opt_cve_list CVE-2018-3640"; opt_cve_all=0;; 1) opt_cve_list="$opt_cve_list CVE-2017-5753"; opt_cve_all=0;;
4) opt_cve_list="$opt_cve_list CVE-2018-3639"; opt_cve_all=0;; 2) opt_cve_list="$opt_cve_list CVE-2017-5715"; opt_cve_all=0;;
msbds) opt_cve_list="$opt_cve_list CVE-2018-12126"; opt_cve_all=0;; 3) opt_cve_list="$opt_cve_list CVE-2017-5754"; opt_cve_all=0;;
mfbds) opt_cve_list="$opt_cve_list CVE-2018-12130"; opt_cve_all=0;; 3a) opt_cve_list="$opt_cve_list CVE-2018-3640"; opt_cve_all=0;;
mlpds) opt_cve_list="$opt_cve_list CVE-2018-12127"; opt_cve_all=0;; 4) opt_cve_list="$opt_cve_list CVE-2018-3639"; opt_cve_all=0;;
mdsum) opt_cve_list="$opt_cve_list CVE-2019-11091"; opt_cve_all=0;; msbds) opt_cve_list="$opt_cve_list CVE-2018-12126"; opt_cve_all=0;;
l1tf) opt_cve_list="$opt_cve_list CVE-2018-3615 CVE-2018-3620 CVE-2018-3646"; opt_cve_all=0;; mfbds) opt_cve_list="$opt_cve_list CVE-2018-12130"; opt_cve_all=0;;
taa) opt_cve_list="$opt_cve_list CVE-2019-11135"; opt_cve_all=0;; mlpds) opt_cve_list="$opt_cve_list CVE-2018-12127"; opt_cve_all=0;;
mcepsc) opt_cve_list="$opt_cve_list CVE-2018-12207"; opt_cve_all=0;; mdsum) opt_cve_list="$opt_cve_list CVE-2019-11091"; opt_cve_all=0;;
srbds) opt_cve_list="$opt_cve_list CVE-2020-0543"; opt_cve_all=0;; l1tf) opt_cve_list="$opt_cve_list CVE-2018-3615 CVE-2018-3620 CVE-2018-3646"; opt_cve_all=0;;
taa) opt_cve_list="$opt_cve_list CVE-2019-11135"; opt_cve_all=0;;
mcepsc) opt_cve_list="$opt_cve_list CVE-2018-12207"; opt_cve_all=0;;
srbds) opt_cve_list="$opt_cve_list CVE-2020-0543"; opt_cve_all=0;;
zenbleed) opt_cve_list="$opt_cve_list CVE-2023-20593"; opt_cve_all=0;;
*) *)
echo "$0: error: invalid parameter '$2' for --variant, expected either 1, 2, 3, 3a, 4, l1tf, msbds, mfbds, mlpds, mdsum, taa, mcepsc or srbds" >&2; echo "$0: error: invalid parameter '$2' for --variant, see --variant help for a list" >&2;
exit 255 exit 255
;; ;;
esac esac
@ -1240,6 +1330,7 @@ pvulnstatus()
CVE-2019-11135) aka="TAA";; CVE-2019-11135) aka="TAA";;
CVE-2018-12207) aka="ITLBMH";; CVE-2018-12207) aka="ITLBMH";;
CVE-2020-0543) aka="SRBDS";; CVE-2020-0543) aka="SRBDS";;
CVE-2023-20593) aka="ZENBLEED";;
*) echo "$0: error: invalid CVE '$1' passed to pvulnstatus()" >&2; exit 255;; *) echo "$0: error: invalid CVE '$1' passed to pvulnstatus()" >&2; exit 255;;
esac esac
@ -1980,6 +2071,7 @@ is_zen_cpu()
[ "$cpu_family" = 23 ] && return 0 [ "$cpu_family" = 23 ] && return 0
return 1 return 1
} }
is_moksha_cpu() is_moksha_cpu()
{ {
parse_cpu_details parse_cpu_details
@ -1988,6 +2080,68 @@ is_moksha_cpu()
return 1 return 1
} }
# mimick the Linux macro
##define AMD_MODEL_RANGE(f, m_start, s_start, m_end, s_end) \
# ((f << 24) | (m_start << 16) | (s_start << 12) | (m_end << 4) | (s_end))
amd_model_range()
{
echo $(( ($1 << 24) | ($2 << 16) | ($3 << 12) | ($4 << 4) | ($5) ))
}
# mimick the Linux func, usage:
# amd_legacy_erratum $(amd_model_range 0x17 0x30 0x0 0x4f 0xf)
# return true (0) if the current CPU is affected by this erratum, 1 otherwise
amd_legacy_erratum()
{
_range="$1"
_ms=$((cpu_model << 4 | cpu_stepping))
if [ "$cpu_family" = $(( ( (_range) >> 24) & 0xff )) ] && \
[ $_ms -ge $(( ( (_range) >> 12) & 0xfff )) ] && \
[ $_ms -le $(( (_range) & 0xfff )) ]; then
return 0
fi
return 1
}
# returns 0 (true) if yes, 1 otherwise
# returns 2 if not applicable
has_zenbleed_fixed_firmware()
{
# return cached data
[ -n "$zenbleed_fw" ] && return "$zenbleed_fw"
# or compute it:
zenbleed_fw=2 # unknown
# only amd
if ! is_amd; then
zenbleed_fw=1
return $zenbleed_fw
fi
# list of known fixed firmwares, from commit 522b1d69219d8f083173819fde04f994aa051a98
_tuples="
0x30,0x3f,0x0830107a
0x60,0x67,0x0860010b
0x68,0x6f,0x08608105
0x70,0x7f,0x08701032
0xa0,0xaf,0x08a00008
"
for tuple in $_tuples; do
_model_low=$( echo "$tuple" | cut -d, -f1)
_model_high=$(echo "$tuple" | cut -d, -f2)
_fwver=$( echo "$tuple" | cut -d, -f3)
if [ $((cpu_model)) -ge $((_model_low)) ] && [ $((cpu_model)) -le $((_model_high)) ]; then
if [ $((cpu_ucode)) -ge $((_fwver)) ]; then
zenbleed_fw=0 # true
break
else
zenbleed_fw=1 # false
zenbleed_fw_required=$_fwver
fi
fi
done
unset _tuples
return $zenbleed_fw
}
# Test if the current host is a Xen PV Dom0 / DomU # Test if the current host is a Xen PV Dom0 / DomU
is_xen() { is_xen() {
if [ ! -d "$procfs/xen" ]; then if [ ! -d "$procfs/xen" ]; then
@ -3289,6 +3443,21 @@ check_cpu()
cpuid_srbds=0 cpuid_srbds=0
fi fi
if is_amd; then
_info_nol " * CPU microcode is known to fix Zenbleed: "
has_zenbleed_fixed_firmware; ret=$?
if [ $ret -eq 0 ]; then
# affected CPU, new fw
pstatus green YES
elif [ $ret -eq 1 ]; then
# affected CPU, old fw
pstatus red NO "required version: $zenbleed_fw_required"
else
# unaffected CPU
pstatus yellow NO
fi
fi
_info_nol " * CPU microcode is known to cause stability problems: " _info_nol " * CPU microcode is known to cause stability problems: "
if is_ucode_blacklisted; then if is_ucode_blacklisted; then
pstatus red YES "$ucode_found" pstatus red YES "$ucode_found"
@ -5751,6 +5920,132 @@ check_CVE_2020_0543_bsd()
fi fi
} }
####################
# Zenbleed section
check_CVE_2023_20593()
{
cve='CVE-2023-20593'
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
if [ "$os" = Linux ]; then
check_CVE_2023_20593_linux
#elif echo "$os" | grep -q BSD; then
# check_CVE_2023_20593_bsd
else
_warn "Unsupported OS ($os)"
fi
}
check_CVE_2023_20593_linux()
{
status=UNK
sys_interface_available=0
msg=''
if [ "$opt_sysfs_only" != 1 ]; then
_info_nol "* Zenbleed mitigation is supported by kernel: "
kernel_zenbleed=''
if [ -n "$kernel_err" ]; then
kernel_zenbleed_err="$kernel_err"
# commit 522b1d69219d8f083173819fde04f994aa051a98
elif grep -q 'Zenbleed:' "$kernel"; then
kernel_zenbleed="found zenbleed message in kernel image"
fi
if [ -n "$kernel_zenbleed" ]; then
pstatus green YES "$kernel_zenbleed"
elif [ -n "$kernel_zenbleed_err" ]; then
pstatus yellow UNKNOWN "$kernel_zenbleed_err"
else
pstatus yellow NO
fi
_info_nol "* Zenbleed kernel mitigation enabled and active: "
if [ "$opt_live" = 1 ]; then
# read the DE_CFG MSR, we want to check the 9th bit
# don't do it on non-Zen2 AMD CPUs or later, aka Family 17h,
# as the behavior could be unknown on others
if is_amd && [ "$cpu_family" -ge $((0x17)) ]; then
read_msr 0xc0011029; ret=$?
if [ $ret = $READ_MSR_RET_OK ]; then
if [ $(( read_msr_value >> 9 & 1 )) -eq 1 ]; then
pstatus green YES "FP_BACKUP_FIX bit set in DE_CFG"
fp_backup_fix=1
else
pstatus yellow NO "FP_BACKUP_FIX is cleared in DE_CFG"
fp_backup_fix=0
fi
elif [ $ret = $READ_MSR_RET_KO ]; then
pstatus yellow UNKNOWN "Couldn't read the DE_CFG MSR"
else
pstatus yellow UNKNOWN "$read_msr_msg"
fi
else
fp_backup_fix=0
pstatus blue N/A "CPU is incompatible"
fi
else
pstatus blue N/A "not testable in offline mode"
fi
_info_nol "* Zenbleed mitigation is supported by CPU microcode: "
has_zenbleed_fixed_firmware; ret=$?
if [ $ret -eq 0 ]; then
pstatus green YES
cpu_ucode_zenbleed=1
elif [ $ret -eq 1 ]; then
pstatus yellow NO
cpu_ucode_zenbleed=2
else
pstatus yellow UNKNOWN
cpu_ucode_zenbleed=3
fi
elif [ "$sys_interface_available" = 0 ]; then
# we have no sysfs but were asked to use it only!
msg="/sys vulnerability interface use forced, but it's not available!"
status=UNK
fi
if ! is_cpu_affected "$cve" ; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test
zenbleed_print_vuln=0
if [ "$opt_live" = 1 ]; then
if [ "$fp_backup_fix" = 1 ] && [ "$cpu_ucode_zenbleed" = 1 ]; then
# this should never happen, but if it does, it's interesting to know
pvulnstatus $cve OK "Both your CPU microcode and kernel are mitigating Zenbleed"
elif [ "$cpu_ucode_zenbleed" = 1 ]; then
pvulnstatus $cve OK "Your CPU microcode mitigates Zenbleed"
elif [ "$fp_backup_fix" = 1 ]; then
pvulnstatus $cve OK "Your kernel mitigates Zenbleed"
else
zenbleed_print_vuln=1
fi
else
if [ "$cpu_ucode_zenbleed" = 1 ]; then
pvulnstatus $cve OK "Your CPU microcode mitigates Zenbleed"
elif [ -n "$kernel_zenbleed" ]; then
pvulnstatus $cve OK "Your kernel mitigates Zenbleed"
else
zenbleed_print_vuln=1
fi
fi
if [ "$zenbleed_print_vuln" = 1 ]; then
pvulnstatus $cve VULN "Your kernel is too old to mitigate Zenbleed and your CPU microcode doesn't mitigate it either"
explain "Your CPU vendor may have a new microcode for your CPU model that mitigates this issue (refer to the hardware section above).\n " \
"Otherwise, the Linux kernel is able to mitigate this issue regardless of the microcode version you have, but in this case\n " \
"your kernel is too old to support this, your Linux distribution vendor might have a more recent version you should upgrade to.\n " \
"Note that either having an up to date microcode OR an up to date kernel is enough to mitigate this issue.\n " \
"To manually mitigate the issue right now, you may use the following command: \`wrmsr -a 0xc0011029 \$((\$(rdmsr -c 0xc0011029) | (1<<9)))\`,\n " \
"however note that this manual mitigation will only be active until the next reboot."
fi
unset zenbleed_print_vuln
else
pvulnstatus $cve "$status" "$msg"
fi
}
####################### #######################
# END OF VULNS SECTIONS # END OF VULNS SECTIONS
@ -5843,7 +6138,7 @@ exit 0 # ok
# The builtin version follows, but the user can download an up-to-date copy (to be stored in his $HOME) by using --update-fwdb # The builtin version follows, but the user can download an up-to-date copy (to be stored in his $HOME) by using --update-fwdb
# To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb # To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb
# %%% MCEDB v222+i20220208 # %%% MCEDB v271+i20230614
# I,0x00000611,0x00000B27,19961218 # I,0x00000611,0x00000B27,19961218
# I,0x00000612,0x000000C6,19961210 # I,0x00000612,0x000000C6,19961210
# I,0x00000616,0x000000C6,19961210 # I,0x00000616,0x000000C6,19961210
@ -6024,7 +6319,7 @@ exit 0 # ok
# I,0x00030672,0x0000022E,20140401 # I,0x00030672,0x0000022E,20140401
# I,0x00030673,0x83290100,20190916 # I,0x00030673,0x83290100,20190916
# I,0x00030678,0x00000838,20190422 # I,0x00030678,0x00000838,20190422
# I,0x00030679,0x0000090C,20190423 # I,0x00030679,0x0000090D,20190710
# I,0x000306A0,0x00000007,20110407 # I,0x000306A0,0x00000007,20110407
# I,0x000306A2,0x0000000C,20110725 # I,0x000306A2,0x0000000C,20110725
# I,0x000306A4,0x00000007,20110908 # I,0x000306A4,0x00000007,20110908
@ -6068,20 +6363,20 @@ exit 0 # ok
# I,0x000406D8,0x0000012D,20190916 # I,0x000406D8,0x0000012D,20190916
# I,0x000406E1,0x00000020,20141111 # I,0x000406E1,0x00000020,20141111
# I,0x000406E2,0x0000002C,20150521 # I,0x000406E2,0x0000002C,20150521
# I,0x000406E3,0x000000EC,20210428 # I,0x000406E3,0x000000F0,20211112
# I,0x000406E8,0x00000026,20160414 # I,0x000406E8,0x00000026,20160414
# I,0x000406F0,0x00000014,20150702 # I,0x000406F0,0x00000014,20150702
# I,0x000406F1,0x0B000040,20210519 # I,0x000406F1,0x0B000040,20210519
# I,0x00050650,0x8000002B,20160208 # I,0x00050650,0x8000002B,20160208
# I,0x00050651,0x8000002B,20160208 # I,0x00050651,0x8000002B,20160208
# I,0x00050652,0x80000037,20170502 # I,0x00050652,0x80000037,20170502
# I,0x00050653,0x0100015C,20210526 # I,0x00050653,0x01000171,20221221
# I,0x00050654,0x02006C0A,20210616 # I,0x00050654,0x02006F05,20221221
# I,0x00050655,0x03000010,20181116 # I,0x00050655,0x03000010,20181116
# I,0x00050656,0x0400320A,20210813 # I,0x00050656,0x04003501,20221221
# I,0x00050657,0x0500320A,20210813 # I,0x00050657,0x05003501,20221221
# I,0x0005065A,0x86002302,20210416 # I,0x0005065A,0x86002302,20210416
# I,0x0005065B,0x07002402,20210604 # I,0x0005065B,0x07002601,20221221
# I,0x00050661,0xF1000008,20150130 # I,0x00050661,0xF1000008,20150130
# I,0x00050662,0x0000001C,20190617 # I,0x00050662,0x0000001C,20190617
# I,0x00050663,0x0700001C,20210612 # I,0x00050663,0x0700001C,20210612
@ -6090,18 +6385,19 @@ exit 0 # ok
# I,0x00050670,0xFFFF0030,20151113 # I,0x00050670,0xFFFF0030,20151113
# I,0x00050671,0x000001B6,20180108 # I,0x00050671,0x000001B6,20180108
# I,0x000506A0,0x00000038,20150112 # I,0x000506A0,0x00000038,20150112
# I,0x000506C0,0x00000002,20140613
# I,0x000506C2,0x00000014,20180511 # I,0x000506C2,0x00000014,20180511
# I,0x000506C8,0x90011010,20160323 # I,0x000506C8,0x90011010,20160323
# I,0x000506C9,0x00000046,20210510 # I,0x000506C9,0x00000048,20211116
# I,0x000506CA,0x00000024,20210510 # I,0x000506CA,0x00000028,20211116
# I,0x000506D1,0x00000102,20150605 # I,0x000506D1,0x00000102,20150605
# I,0x000506E0,0x00000018,20141119 # I,0x000506E0,0x00000018,20141119
# I,0x000506E1,0x0000002A,20150602 # I,0x000506E1,0x0000002A,20150602
# I,0x000506E2,0x0000002E,20150815 # I,0x000506E2,0x0000002E,20150815
# I,0x000506E3,0x000000EC,20210429 # I,0x000506E3,0x000000F0,20211112
# I,0x000506E8,0x00000034,20160710 # I,0x000506E8,0x00000034,20160710
# I,0x000506F0,0x00000010,20160607 # I,0x000506F0,0x00000010,20160607
# I,0x000506F1,0x00000036,20210510 # I,0x000506F1,0x00000038,20211202
# I,0x00060660,0x0000000C,20160821 # I,0x00060660,0x0000000C,20160821
# I,0x00060661,0x0000000E,20170128 # I,0x00060661,0x0000000E,20170128
# I,0x00060662,0x00000022,20171129 # I,0x00060662,0x00000022,20171129
@ -6109,64 +6405,79 @@ exit 0 # ok
# I,0x000606A0,0x80000031,20200308 # I,0x000606A0,0x80000031,20200308
# I,0x000606A4,0x0B000280,20200817 # I,0x000606A4,0x0B000280,20200817
# I,0x000606A5,0x0C0002F0,20210308 # I,0x000606A5,0x0C0002F0,20210308
# I,0x000606A6,0x0D000331,20211203 # I,0x000606A6,0x0D000390,20221228
# I,0x000606C0,0xFD000220,20210629
# I,0x000606C1,0x01000230,20230127
# I,0x000606E0,0x0000000B,20161104 # I,0x000606E0,0x0000000B,20161104
# I,0x000606E1,0x00000108,20190423 # I,0x000606E1,0x00000108,20190423
# I,0x000706A0,0x00000026,20170712 # I,0x000706A0,0x00000026,20170712
# I,0x000706A1,0x00000038,20210510 # I,0x000706A1,0x0000003E,20220916
# I,0x000706A8,0x0000001C,20210510 # I,0x000706A8,0x00000022,20220920
# I,0x000706E0,0x0000002C,20180614 # I,0x000706E0,0x0000002C,20180614
# I,0x000706E1,0x00000042,20190420 # I,0x000706E1,0x00000042,20190420
# I,0x000706E2,0x00000042,20190420 # I,0x000706E2,0x00000042,20190420
# I,0x000706E3,0x81000008,20181002 # I,0x000706E3,0x81000008,20181002
# I,0x000706E4,0x00000046,20190905 # I,0x000706E4,0x00000046,20190905
# I,0x000706E5,0x000000A8,20210526 # I,0x000706E5,0x000000BA,20221225
# I,0x00080650,0x00000018,20180108 # I,0x00080650,0x00000018,20180108
# I,0x00080664,0x0B00000F,20210217 # I,0x00080664,0x4C000021,20220815
# I,0x00080665,0x0B00000F,20210217 # I,0x00080665,0x4C000021,20220815
# I,0x00080667,0x4C000021,20220815
# I,0x000806A0,0x00000010,20190507 # I,0x000806A0,0x00000010,20190507
# I,0x000806A1,0x0000002D,20210902 # I,0x000806A1,0x00000033,20230113
# I,0x000806C0,0x00000068,20200402 # I,0x000806C0,0x00000068,20200402
# I,0x000806C1,0x0000009A,20210806 # I,0x000806C1,0x000000AA,20221228
# I,0x000806C2,0x00000022,20210716 # I,0x000806C2,0x0000002A,20221228
# I,0x000806D0,0x00000050,20201217 # I,0x000806D0,0x00000050,20201217
# I,0x000806D1,0x0000003C,20210716 # I,0x000806D1,0x00000044,20221228
# I,0x000806E9,0x000000EC,20210428 # I,0x000806E9,0x000000F2,20230102
# I,0x000806EA,0x000000EC,20210428 # I,0x000806EA,0x000000F2,20221226
# I,0x000806EB,0x000000EC,20210428 # I,0x000806EB,0x000000F2,20221226
# I,0x000806EC,0x000000EC,20210428 # I,0x000806EC,0x000000F6,20221226
# I,0x000806F3,0x8D000520,20220812
# I,0x000806F4,0x2B000461,20230313
# I,0x000806F5,0x2B000461,20230313
# I,0x000806F6,0x2B000461,20230313
# I,0x000806F7,0x2B000461,20230313
# I,0x000806F8,0x2B000461,20230313
# I,0x00090660,0x00000009,20200617 # I,0x00090660,0x00000009,20200617
# I,0x00090661,0x00000015,20210921 # I,0x00090661,0x00000017,20220715
# I,0x00090670,0x00000019,20201111 # I,0x00090670,0x00000019,20201111
# I,0x00090671,0x0000001C,20210614 # I,0x00090671,0x0000001C,20210614
# I,0x00090672,0x0000001F,20220303 # I,0x00090672,0x0000002C,20230104
# I,0x00090674,0x00000219,20210425 # I,0x00090674,0x00000219,20210425
# I,0x00090675,0x0000001F,20220303 # I,0x00090675,0x0000002C,20230104
# I,0x000906A0,0x0000001C,20210614 # I,0x000906A0,0x0000001C,20210614
# I,0x000906A1,0x0000011F,20211104 # I,0x000906A1,0x0000011F,20211104
# I,0x000906A2,0x00000315,20220102 # I,0x000906A2,0x00000315,20220102
# I,0x000906A3,0x0000041B,20220308 # I,0x000906A3,0x0000042A,20230214
# I,0x000906A4,0x0000041B,20220308 # I,0x000906A4,0x0000042A,20230214
# I,0x000906C0,0x2400001F,20210809 # I,0x000906C0,0x24000024,20220902
# I,0x000906E9,0x000000EC,20210429 # I,0x000906E9,0x000000F2,20221226
# I,0x000906EA,0x000000EC,20210428 # I,0x000906EA,0x000000F2,20230112
# I,0x000906EB,0x000000EC,20210428 # I,0x000906EB,0x000000F2,20221226
# I,0x000906EC,0x000000EC,20210428 # I,0x000906EC,0x000000F2,20230112
# I,0x000906ED,0x000000EC,20210428 # I,0x000906ED,0x000000F8,20230205
# I,0x000A0650,0x000000BE,20191010 # I,0x000A0650,0x000000BE,20191010
# I,0x000A0651,0x000000C2,20191113 # I,0x000A0651,0x000000C2,20191113
# I,0x000A0652,0x000000EC,20210428 # I,0x000A0652,0x000000F6,20221227
# I,0x000A0653,0x000000EC,20210428 # I,0x000A0653,0x000000F6,20230101
# I,0x000A0654,0x000000C6,20200123 # I,0x000A0654,0x000000C6,20200123
# I,0x000A0655,0x000000EE,20210428 # I,0x000A0655,0x000000F6,20221226
# I,0x000A0660,0x000000EA,20210428 # I,0x000A0660,0x000000F6,20221226
# I,0x000A0661,0x000000EC,20210429 # I,0x000A0661,0x000000F6,20221226
# I,0x000A0670,0x0000002C,20201124 # I,0x000A0670,0x0000002C,20201124
# I,0x000A0671,0x00000050,20210829 # I,0x000A0671,0x00000058,20221225
# I,0x000A0680,0x80000002,20200121 # I,0x000A0680,0x80000002,20200121
# I,0x000B0670,0x00000009,20211115 # I,0x000B0670,0x0000000E,20220220
# I,0x000B06F2,0x0000001F,20220303 # I,0x000B0671,0x00000113,20230206
# I,0x000B06F5,0x0000001F,20220303 # I,0x000B06A2,0x00004112,20230222
# I,0x000B06A3,0x00004112,20230222
# I,0x000B06E0,0x00000010,20221219
# I,0x000B06F2,0x0000002C,20230104
# I,0x000B06F5,0x0000002C,20230104
# I,0x000C06F1,0x21000030,20230410
# I,0x000C06F2,0x21000030,20230410
# A,0x00000F00,0x02000008,20070614 # A,0x00000F00,0x02000008,20070614
# A,0x00000F01,0x0000001C,20021031 # A,0x00000F01,0x0000001C,20021031
# A,0x00000F10,0x00000003,20020325 # A,0x00000F10,0x00000003,20020325
@ -6190,13 +6501,17 @@ exit 0 # ok
# A,0x00100F00,0x01000020,20070326 # A,0x00100F00,0x01000020,20070326
# A,0x00100F20,0x010000CA,20100331 # A,0x00100F20,0x010000CA,20100331
# A,0x00100F22,0x010000C9,20100331 # A,0x00100F22,0x010000C9,20100331
# A,0x00100F2A,0x01000084,20000101
# A,0x00100F40,0x01000085,20080501 # A,0x00100F40,0x01000085,20080501
# A,0x00100F41,0x010000DB,20111024 # A,0x00100F41,0x010000DB,20111024
# A,0x00100F42,0x01000092,20081021 # A,0x00100F42,0x01000092,20081021
# A,0x00100F43,0x010000C8,20100311 # A,0x00100F43,0x010000C8,20100311
# A,0x00100F52,0x010000DB,20000101
# A,0x00100F53,0x010000C8,20000101
# A,0x00100F62,0x010000C7,20100311 # A,0x00100F62,0x010000C7,20100311
# A,0x00100F80,0x010000DA,20111024 # A,0x00100F80,0x010000DA,20111024
# A,0x00100F81,0x010000D9,20111012 # A,0x00100F81,0x010000D9,20111012
# A,0x00100F91,0x010000D9,20000101
# A,0x00100FA0,0x010000DC,20111024 # A,0x00100FA0,0x010000DC,20111024
# A,0x00120F00,0x03000002,20100324 # A,0x00120F00,0x03000002,20100324
# A,0x00200F30,0x02000018,20070921 # A,0x00200F30,0x02000018,20070921
@ -6246,20 +6561,36 @@ exit 0 # ok
# A,0x00820F00,0x08200002,20180214 # A,0x00820F00,0x08200002,20180214
# A,0x00820F01,0x08200103,20190417 # A,0x00820F01,0x08200103,20190417
# A,0x00830F00,0x08300027,20190401 # A,0x00830F00,0x08300027,20190401
# A,0x00830F10,0x08301052,20211111 # A,0x00830F10,0x0830107A,20230517
# A,0x00850F00,0x08500004,20180212 # A,0x00850F00,0x08500004,20180212
# A,0x00860F00,0x0860000E,20200127 # A,0x00860F00,0x0860000E,20200127
# A,0x00860F01,0x08600106,20200619 # A,0x00860F01,0x08600109,20220328
# A,0x00860F81,0x08608103,20200702 # A,0x00860F81,0x08608104,20220328
# A,0x00870F00,0x08700004,20181206 # A,0x00870F00,0x08700004,20181206
# A,0x00870F10,0x08701021,20200125 # A,0x00870F10,0x08701030,20220328
# A,0x008A0F00,0x08A00008,20230615
# A,0x00A00F00,0x0A000033,20200413 # A,0x00A00F00,0x0A000033,20200413
# A,0x00A00F10,0x0A001053,20211217 # A,0x00A00F10,0x0A001079,20230609
# A,0x00A00F11,0x0A00115D,20211119 # A,0x00A00F11,0x0A0011D1,20230710
# A,0x00A00F12,0x0A001227,20211215 # A,0x00A00F12,0x0A001234,20230710
# A,0x00A00F80,0x0A008003,20211015 # A,0x00A00F80,0x0A008003,20211015
# A,0x00A00F82,0x0A008204,20211015 # A,0x00A00F82,0x0A008205,20220414
# A,0x00A10F00,0x0A10004B,20220309
# A,0x00A10F01,0x0A100104,20220207
# A,0x00A10F0B,0x0A100B07,20220610
# A,0x00A10F10,0x0A101020,20220913
# A,0x00A10F11,0x0A101135,20230509
# A,0x00A10F12,0x0A101235,20230509
# A,0x00A20F00,0x0A200025,20200121 # A,0x00A20F00,0x0A200025,20200121
# A,0x00A20F10,0x0A201016,20210408 # A,0x00A20F10,0x0A201025,20211014
# A,0x00A20F12,0x0A201205,20210719 # A,0x00A20F12,0x0A20120A,20211014
# A,0x00A50F00,0x0A50000C,20201208 # A,0x00A40F00,0x0A400016,20210330
# A,0x00A40F40,0x0A404002,20210408
# A,0x00A40F41,0x0A404102,20211018
# A,0x00A50F00,0x0A50000D,20211014
# A,0x00A60F00,0x0A600005,20211220
# A,0x00A60F11,0x0A601114,20220712
# A,0x00A60F12,0x0A601203,20220715
# A,0x00AA0F00,0x0AA00009,20221006
# A,0x00AA0F01,0x0AA00112,20230510
# A,0x00AA0F02,0x0AA0020E,20230510