update: fwdb from v349+i20260512+1cce to v350+i20260512+1cce, 8 microcode changes (#578 )

built from commit 44ba92635f dated 2026-06-03 14:07:02 +0200 by github-actions[bot] (41898282+github-actions[bot]@users.noreply.github.com) Co-authored-by: speed47 <218502+speed47@users.noreply.github.com>
fix: arm64: collapse per-core CPU info lists to a single line (#576 )
2026-06-17 20:13:02 +02:00 · 2026-06-03 12:08:36 +00:00 · 2026-06-02 19:30:28 +02:00 · 2026-06-02 19:30:19 +02:00 · 2026-06-02 16:57:51 +00:00 · 2026-06-01 20:58:15 +00:00
3 changed files with 725 additions and 133 deletions
@@ -40,6 +40,14 @@ CVE | Name | Aliases
 [CVE-2024-45332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332) | Branch Privilege Injection | BPI
 [CVE-2025-54505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54505) | AMD Zen1 Floating-Point Divider Stale Data Leak | FPDSS

+The following entries are ARM64 silicon errata that the kernel actively works around. They have no assigned CVE; they are tracked only by ARM's erratum numbers. Select them with `--errata <number>` or the associated `--variant` mnemonic.
+
+ID | Name | Affected cores
+-- | ---- | --------------
+CVE-0001-0001 | Speculative AT TLB corruption (errata 1165522, 1319367, 1319537, 1530923) | Cortex-A55/A57/A72/A76
+CVE-0001-0002 | Speculative unprivileged load (errata 2966298, 3117295) | Cortex-A510/A520
+CVE-0001-0003 | MSR SSBS not self-synchronizing (erratum 3194386 + siblings) | Cortex-A76/A77/A78/A78C/A710/A715/A720/A720AE/A725, X1/X1C/X2/X3/X4/X925, Neoverse-N1/N2/N3/V1/V2/V3/V3AE
+
 ## Am I at risk?

 Depending on your situation, the table below answers whether an attacker in a given position can extract data from a given target.
@@ -272,23 +280,23 @@ In **Hardware-only** mode, the script only reports CPU information and per-CVE h

 - Get the latest version of the script using `curl` *or* `wget`

-```bash
-curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
-wget https://meltdown.ovh -O spectre-meltdown-checker.sh
-```
+    ```bash
+    curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
+    wget https://meltdown.ovh -O spectre-meltdown-checker.sh
+    ```

 - Inspect the script. You never blindly run scripts you downloaded from the Internet, do you?

-```bash
-vim spectre-meltdown-checker.sh
-```
+    ```bash
+    vim spectre-meltdown-checker.sh
+    ```

 - When you're ready, run the script as root

-```bash
-chmod +x spectre-meltdown-checker.sh
-sudo ./spectre-meltdown-checker.sh
-```
+    ```bash
+    chmod +x spectre-meltdown-checker.sh
+    sudo ./spectre-meltdown-checker.sh
+    ```

 ### Using a docker container

@@ -307,3 +307,13 @@ A weakness in AMD's microcode signature verification (AES-CMAC hash) allows load
 Exploits a synchronization failure in the AMD stack engine via an undocumented MSR bit, targeting AMD SEV-SNP confidential VMs. Requires hypervisor-level (ring 0) access.

 **Why out of scope:** Not a transient/speculative execution side channel. This is an architectural attack on AMD SEV-SNP confidential computing that requires hypervisor access, which is outside the threat model of this tool.
+
+## No CVE — Jump Conditional Code (JCC) Erratum
+
+- **Issue:** [#329](https://github.com/speed47/spectre-meltdown-checker/issues/329)
+- **Intel whitepaper:** [Mitigations for Jump Conditional Code Erratum](https://www.intel.com/content/dam/support/us/en/documents/processors/mitigations-jump-conditional-code-erratum.pdf)
+- **Affected CPUs:** Intel 6th through 10th generation Core and Xeon processors (Skylake through Cascade Lake)
+
+A microarchitectural correctness erratum where a conditional jump instruction that straddles or ends at a 64-byte instruction fetch boundary can corrupt the branch predictor state, potentially causing incorrect execution. Intel addressed this in a November 2019 microcode update. Compilers and assemblers (GCC, LLVM, binutils) also introduced alignment options (`-mbranch-alignment`, `-x86-branches-within-32B-boundaries`) to pad jump instructions away from boundary conditions, preserving performance on CPUs with updated microcode.
+
+**Why out of scope:** The JCC erratum is a microarchitectural correctness bug, not a transient or speculative execution side-channel vulnerability. No CVE was ever assigned. Red Hat noted that privilege escalation "has not been ruled out" but made no definitive security finding, and no exploit has been demonstrated. There is no Linux sysfs entry, no CPUID bit, and no MSR flag exposing the mitigation status. The microcode fix introduces no detectable hardware indicator, so checking for it would require maintaining a per-CPU-stepping minimum microcode version table (the design principle 3 exception) — costly to maintain without a CVE anchor or confirmed exploitability to justify the ongoing work. The kernel compiler mitigation is a build-time-only change (instruction alignment) with no observable runtime state.
Author	SHA1	Message	Date
github-actions[bot]	1db12cd347	update: fwdb from v349+i20260512+1cce to v350+i20260512+1cce, 8 microcode changes (#578 ) built from commit `44ba92635f` dated 2026-06-03 14:07:02 +0200 by github-actions[bot] (41898282+github-actions[bot]@users.noreply.github.com) Co-authored-by: speed47 <218502+speed47@users.noreply.github.com>	2026-06-03 12:08:36 +00:00
github-actions[bot]	c107f2b2ea	fix: arm64: collapse per-core CPU info lists to a single line (#576 ) built from commit `7d9345a32f` dated 2026-06-02 17:21:31 +0000 by Stéphane Lesimple (speed47_github@speed47.net) Store the per-core implementer/part/arch/variant/revision lists space-separated (no embedded newlines, which also cleans up JSON and prometheus output) and dedup them for the human-readable display, so homogeneous systems show e.g. "0x41" instead of repeating it per core.	2026-06-02 19:30:28 +02:00
Stéphane Lesimple	c277a7a443	Merge remote-tracking branch 'origin/master' into source-build	2026-06-02 19:30:19 +02:00
Stéphane Lesimple	26cf31b282	Merge source-build for v26.36.0601873 (#575 ) * chore: add stalebot in dryrun built from commit `afadf53f7f` dated 2026-04-02 13:13:19 +0200 by Stéphane Lesimple (speed47_github@speed47.net) * Merge branch 'test' into source built from commit `952fe6a87f` dated 2026-04-02 18:40:05 +0200 by Stéphane Lesimple (speed47_github@speed47.net) * Merge pull request #530 from speed47/test built from commit `d3c0f1a24d` dated 2026-04-02 16:49:41 +0000 by Stéphane Lesimple (speed47_github@speed47.net) chore: workflows revamp * Merge pull request #532 from speed47/test built from commit `6fac2d8ff1` dated 2026-04-02 21:32:39 +0000 by Stéphane Lesimple (speed47_github@speed47.net) Retbleed / Downfall overhald / doc updates * enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) built from commit `cccb3c0081` dated 2026-04-04 17:50:04 +0200 by Stéphane Lesimple (speed47_github@speed47.net) * fix: add rebleet to --variant built from commit `7a7408d124` dated 2026-04-04 18:17:35 +0200 by Stéphane Lesimple (speed47_github@speed47.net) * Merge pull request #566 from speed47/test built from commit `3e2b6cc734` dated 2026-04-20 11:02:38 +0000 by Stéphane Lesimple (speed47_github@speed47.net) Prepare release v26.33.0420xxx * Merge pull request #571 from speed47/test built from commit `0045d237fa` dated 2026-06-01 20:44:44 +0000 by Stéphane Lesimple (speed47_github@speed47.net) Prepare next release * update: fwdb from v349+i20260227+615b to v349+i20260512+1cce, 19 microcode changes built from commit `645a79846b` dated 2026-06-01 20:56:45 +0000 by github-actions[bot] (41898282+github-actions[bot]@users.noreply.github.com) --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-06-02 16:57:51 +00:00
github-actions[bot]	68116d87fd	update: fwdb from v349+i20260227+615b to v349+i20260512+1cce, 19 microcode changes built from commit `645a79846b` dated 2026-06-01 20:56:45 +0000 by github-actions[bot] (41898282+github-actions[bot]@users.noreply.github.com)	2026-06-01 20:58:15 +00:00
Stéphane Lesimple	3f4801e6a7	autoupdate workflow: add missing pkg	2026-06-01 20:55:08 +00:00
Stéphane Lesimple	9a3688b6fd	chore: use scripts in autoupdate workflow (#572 )	2026-06-01 20:52:54 +00:00
github-actions[bot]	c060a2d2c9	Merge pull request #571 from speed47/test built from commit `0045d237fa` dated 2026-06-01 20:44:44 +0000 by Stéphane Lesimple (speed47_github@speed47.net) Prepare next release	2026-06-01 20:46:12 +00:00
Stéphane Lesimple	0c89d162a3	chore: fix autoupdate workflow	2026-05-31 14:50:31 +02:00
林博仁 Buo-ren Lin	02fa416bab	doc: readme: correct markdown indentation for unordered list items (#569 ) Signed-off-by: 林博仁(Buo-ren Lin) <buo.ren.lin@gmail.com>	2026-04-20 16:02:47 +00:00
Stéphane Lesimple	1c067add59	release v26.33.0420460 (#567 )	2026-04-20 15:18:11 +00:00
github-actions[bot]	fe0d3f49f4	Merge pull request #566 from speed47/test built from commit `3e2b6cc734` dated 2026-04-20 11:02:38 +0000 by Stéphane Lesimple (speed47_github@speed47.net) Prepare release v26.33.0420xxx	2026-04-20 11:04:05 +00:00
Stéphane Lesimple	00bb4a951c	workflow: expose reconsider_age_days input + env var	2026-04-19 14:46:56 +02:00
Stéphane Lesimple	43d5b77885	chore: workflow: add manual model + window_hours inputs, add reconsider	2026-04-19 12:55:03 +02:00
Stéphane Lesimple	78a6e4a418	chore: move cron vuln-watch workflow script files to their own branch	2026-04-19 11:14:21 +02:00
Stéphane Lesimple	5af1a9fec9	chore: workflow: add scan id	2026-04-18 16:23:47 +02:00
Stéphane Lesimple	b93027640f	chore: vuln workflow: use opus, no persist creds, conditional upload	2026-04-18 16:19:10 +02:00
Stéphane Lesimple	5c27284119	chore: workflow: save logs	2026-04-18 16:05:15 +02:00
Stéphane Lesimple	f2e5999fc0	chore: explicit prompt for workflow	2026-04-18 15:41:03 +02:00
Stéphane Lesimple	25f20b8860	chore: fix workflow perms (#558 )	2026-04-18 15:29:54 +02:00
Stéphane Lesimple	77e3dbd6b2	add scheduled vuln research (#557 )	2026-04-18 15:14:13 +02:00
Stéphane Lesimple	8a6f9d5d63	Implement ITS/VMScape/BTI and misc enhancements (#539 ) `7a7408d` fix: add rebleet to --variant `cccb3c0` enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) `090f109` doc: add CVE-2023-31315 (SinkClose) to the unsupported list, add categories `5dc9c3c` chore: reorder CVE list in README.md `a00fab1` feat: implement CVE-2025-40300 (VMScape) and CVE-2024-45332 (BTI) `e0b818f` chore: stalebot: disable dryrun by default `4af1155` feat: implement CVE-2024-28956 (ITS, Indirect Target Selection) vulnerability and mitigation detection `dfed6f3` doc: add note about more unsupported CVEs `1652977` add a generated version of src/libs/003_intel_models.sh `a089ae8` fix: sys_interface_check() must set the caller's $msg var (closes #533) `cc6bbaa` chore: don't include src/ generated files in build `2717b0a` doc: CVE-2020-12965 unsupported (#478)	2026-04-04 18:38:49 +02:00
Stéphane Lesimple	73b67b4a80	Merge branch 'master' into source-build	2026-04-04 16:25:35 +00:00
github-actions[bot]	ea6b8efd18	fix: add rebleet to --variant built from commit `7a7408d124` dated 2026-04-04 18:17:35 +0200 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-04 16:23:18 +00:00
github-actions[bot]	24d92540a7	enh: add known fixed ucode versions for CVE-2023-23583 (Reptar) and CVE-2024-45332 (BPI) built from commit `cccb3c0081` dated 2026-04-04 17:50:04 +0200 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-04 16:08:25 +00:00
Stéphane Lesimple	f2d871acff	fix: spurious local keyword broke sysfs based detection (#533 ) (#534 ) The $msg var assigned in sys_interface_check() must not be local to the func, but must capture and modify the callers' own local $msg var	2026-04-03 01:31:58 +02:00
github-actions[bot]	553a9ec60f	Merge pull request #532 from speed47/test built from commit `6fac2d8ff1` dated 2026-04-02 21:32:39 +0000 by Stéphane Lesimple (speed47_github@speed47.net) Retbleed / Downfall overhald / doc updates	2026-04-02 21:33:46 +00:00
Stéphane Lesimple	83ebe2f75f	chore: update workflows (#531 ) * chore: add stalebot in dryrun built from commit `afadf53f7f` dated 2026-04-02 13:13:19 +0200 by Stéphane Lesimple (speed47_github@speed47.net) * Merge branch 'test' into source built from commit `952fe6a87f` dated 2026-04-02 18:40:05 +0200 by Stéphane Lesimple (speed47_github@speed47.net) * Merge pull request #530 from speed47/test built from commit `d3c0f1a24d` dated 2026-04-02 16:49:41 +0000 by Stéphane Lesimple (speed47_github@speed47.net) chore: workflows revamp --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-02 18:53:44 +02:00
Stéphane Lesimple	75ad60f42a	Merge branch 'master' into source-build	2026-04-02 16:53:03 +00:00
github-actions[bot]	931c955765	Merge pull request #530 from speed47/test built from commit `d3c0f1a24d` dated 2026-04-02 16:49:41 +0000 by Stéphane Lesimple (speed47_github@speed47.net) chore: workflows revamp	2026-04-02 16:50:52 +00:00
github-actions[bot]	c5ef0c488a	Merge branch 'test' into source built from commit `952fe6a87f` dated 2026-04-02 18:40:05 +0200 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-02 16:41:33 +00:00
github-actions[bot]	a05f8aab34	chore: add stalebot in dryrun built from commit `afadf53f7f` dated 2026-04-02 13:13:19 +0200 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-02 11:34:30 +00:00
github-actions[bot]	99301d1cbb	chore: add stalebot in dryrun built from commit `afadf53f7f` dated 2026-04-02 13:13:19 +0200 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-02 13:33:36 +02:00
github-actions[bot]	f9c3d19f72	enh: CVE-2017-5715; check for unprivileged eBPF for paranoid mode built from commit `e5c6d2d905` dated 2026-04-01 20:37:54 +0000 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-01 21:30:51 +00:00
github-actions[bot]	8389d9593c	chore: prepare for dev-build renaming to test-build built from commit 9497abbee2723cedc561b6b785fe01fbe965ec1c dated 2026-03-31 19:34:52 +0200 by Stéphane Lesimple (speed47_github@speed47.net)	2026-04-01 21:30:51 +00:00
Stéphane Lesimple	3a822fdcf2	chore: master: remove obsolete workflow	2026-03-31 19:53:57 +02:00