feat(downfall): detection of the kernel mitigation relying on dmesg

feat: downfall: add kernel soft mitigation support check
feat(downfall): add downfall checks
2025-07-15 07:11:22 +02:00 · 2023-08-10 11:14:40 +02:00 · 2023-08-10 11:14:40 +02:00 · 2023-08-10 11:14:40 +02:00 · 2023-08-09 10:35:08 +02:00 · 2023-08-01 10:22:15 +02:00
4 changed files with 506 additions and 143 deletions
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@ -24,7 +24,7 @@ jobs:
        fi
    - name: check direct execution
      run: |
-        expected=16
+        expected=17
        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
@ -34,7 +34,7 @@ jobs:
        fi
    - name: check docker-compose run execution
      run: |
-        expected=16
+        expected=17
        docker-compose build
        nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
@ -45,7 +45,7 @@ jobs:
        fi
    - name: check docker run execution
      run: |
-        expected=16
+        expected=17
        docker build -t spectre-meltdown-checker .
        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
--- a/FAQ.md
+++ b/FAQ.md
@ -45,9 +45,9 @@ Software vulnerability:

 Hardware vulnerability:
 - Can be fixed? No, only mitigated (or buy new hardware!)
- How to ~~fix~~ mitigate? In the worst case scenario, 5 "layers" need to be updated: the microcode/firmware, the host OS kernel, the hypervisor, the VM OS kernel, and possibly all the software running on the VM.
+- How to ~~fix~~ mitigate? In the worst case scenario, 5 "layers" need to be updated: the microcode/firmware, the host OS kernel, the hypervisor, the VM OS kernel, and possibly all the software running on the machine. Sometimes only a subset of those layers need to be updated. In yet other cases, there can be several possible mitigations for the same vulnerability, implying different layers. Yes, it can get horribly complicated.

-A more detailed video explanation is available here: https://youtu.be/2gB9U1EcCss?t=85
+A more detailed video explanation is available here: https://youtu.be/2gB9U1EcCss?t=425

 ## What do "affected", "vulnerable" and "mitigated" mean exactly?

@ -75,7 +75,7 @@ There are a few rules that govern how this tool is written.

 A lot as changed since 2018. Nowadays, the industry adapted and this range of vulnerabilities is almost "business as usual", as software vulnerabilities are. However, due to their complexity, it's still not as easy as just checking a version number to ensure a vulnerability is closed.

-Granted, we now have a standard way under Linux to check whether our system is affected, vulnerable, mitigated against most of these vulnerabilities. By having a look at the `sysfs` hierarchy, and more precisely the `/sys/devices/system/cpu/vulnerabilities/` folder, one can have a pretty good insight about its system state for each of the listed vulnerabilities. Note that the output can be a little different with some vendors (e.g. Red Hat has some slightly different output than the vanilla kernel for some vulnerabilities), but it's still a gigantic leap forward, given where we were in 2018 when this script was started, and it's very good news. The kernel is the proper place to have this because the kernel knows everything about itself (the mitigations it might have), and the CPU (its model, and microcode features that are exposed).
+Granted, we now have a standard way under Linux to check whether our system is affected, vulnerable, mitigated against most of these vulnerabilities. By having a look at the `sysfs` hierarchy, and more precisely the `/sys/devices/system/cpu/vulnerabilities/` folder, one can have a pretty good insight about its system state for each of the listed vulnerabilities. Note that the output can be a little different with some vendors (e.g. Red Hat has some slightly different output than the vanilla kernel for some vulnerabilities), but it's still a gigantic leap forward, given where we were in 2018 when this script was started, and it's very good news. The kernel is the proper place to have this because the kernel knows everything about itself (the mitigations it might have), and the CPU (its model, and microcode features that are exposed). Note however that some vulnerabilities are not reported through this file hierarchy at all, such as Zenbleed.

 However I see a few reasons why this script might still be useful to you, and that's why its development has not halted when the `sysfs` hierarchy came out:

@ -109,12 +109,14 @@ This tool only supports Linux, and [some flavors of BSD](#which-bsd-oses-are-sup

 ## The tool says there is an updated microcode for my CPU, but I don't have it!

-Even if your operating system is fully up to date, the tool might still tell you that there is a more recent microcode version for your CPU. Currently, it uses (and merges) information from two sources:
+Even if your operating system is fully up to date, the tool might still tell you that there is a more recent microcode version for your CPU. Currently, it uses (and merges) information from 4 sources:

 - The official [Intel microcode repository](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files)
 - The awesome platomav's [MCExtractor database](https://github.com/platomav/MCExtractor) for non-Intel CPUs
+- The official [linux-firmware](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git) repository for AMD
+- Specific Linux kernel commits that sometimes hardcode microcode versions, such as for [Zenbleed](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98) or for the bad [Spectre](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/intel.c#n141) microcodes

-Generally, for Intel CPUs it means that Intel does have a more recent version for your CPU, and for other CPUs it means that a more recent version has already been seen in the wild. However, your OS vendor might have chosen not to ship this new version (yet), maybe because it's currently being tested, or for other reasons. This tool can't tell you when or if this will be the case. You should ask your vendor about it. Technically, you can still go and upgrade your microcode yourself, and use this tool to confirm whether you did it successfully. Updating the microcode for you is out of the scope of this tool, as this would violate [rule 1b](#what-are-the-main-design-decisions-regarding-this-script).
+Generally, it means a more recent version of the microcode has been seen in the wild. However, fully public availability of this microcode might be limited yet, or your OS vendor might have chosen not to ship this new version (yet), maybe because it's currently being tested, or for other reasons. This tool can't tell you when or if this will be the case. You should ask your vendor about it. Technically, you can still go and upgrade your microcode yourself, and use this tool to confirm whether you did it successfully. Updating the microcode for you is out of the scope of this tool, as this would violate [rule 1b](#what-are-the-main-design-decisions-regarding-this-script).

 ## The tool says that I need a more up-to-date microcode, but I have the more recent version!

--- a/README.md
+++ b/README.md
@ -20,6 +20,7 @@ CVE
 [CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX asynchronous abort                              | TAA, ZombieLoad V2
 [CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207) | Machine Check Exception on Page Size Changes        | MCEPSC, No eXcuses, iTLB Multihit
 [CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543)   | Special Register Buffer Data Sampling               | SRBDS
+[CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling                                | GDS, Downfall
 [CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak                      | Zenbleed

 Supported operating systems:
@ -180,6 +181,12 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
   - Mitigation: microcode update + kernel update helping to protect various CPU internal buffers from unprivileged speculative access to data
   - Performance impact of the mitigation: low

+**CVE-2022-40982** Gather Data Sampling (GDS, Downfall)
+
+   - Impact: Kernel & all software
+   - Mitigation: either microcode update or disabling AVX feature
+   - Performance impact of the mitigation: TBD
+
 **CVE-2023-20593** Cross-Process Information Leak (Zenbleed)

   - Impact: Kernel & all software
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@ -95,6 +95,7 @@ show_usage()
 		--hw-only		only check for CPU information, don't check for any variant
 		--no-hw			skip CPU information and checks, if you're inspecting a kernel not to be run on this host
 		--vmm [auto,yes,no]	override the detection of the presence of a hypervisor, default: auto
+		--no-intel-db		don't use the builtin Intel DB of affected processors
 		--allow-msr-write	allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system
 		--cpu [#,all]		interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0)
 		--update-fwdb		update our local copy of the CPU microcodes versions database (using the awesome
@ -118,24 +119,27 @@ show_disclaimer()
 Disclaimer:

 This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the
-collectively named "speculative execution" vulnerabilities. It doesn't attempt to run any kind of exploit, and can't guarantee
-that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place.
+collectively named "transient execution" (aka "speculative execution") vulnerabilities that started to appear
+since early 2018 with the infamous Spectre & Meltdown.
+
+This tool does NOT attempt to run any kind of exploit, and can't 100% guarantee that your system is secure,
+but rather helps you verifying whether your system has the known correct mitigations in place.
 However, some mitigations could also exist in your kernel that this script doesn't know (yet) how to detect, or it might
 falsely detect mitigations that in the end don't work as expected (for example, on backported or modified kernels).

-Your system exposure also depends on your CPU. As of now, AMD and ARM processors are marked as immune to some or all of these
-vulnerabilities (except some specific ARM models). All Intel processors manufactured since circa 1995 are thought to be vulnerable,
-except some specific/old models, such as some early Atoms. Whatever processor one uses, one might seek more information
-from the manufacturer of that processor and/or of the device in which it runs.
+Your system affectability to a given vulnerability depends on your CPU model and CPU microcode version, whereas the
+mitigations in place depend on your CPU (model and microcode), your kernel version, and both the runtime configuration
+of your CPU (through bits set through the MSRs) and your kernel. The script attempts to explain everything for each
+vulnerability, so you know where your system stands. For a given vulnerability, detailed information is sometimes
+available using the \`--explain\` switch.

-The nature of the discovered vulnerabilities being quite new, the landscape of vulnerable processors can be expected
-to change over time, which is why this script makes the assumption that all CPUs are vulnerable, except if the manufacturer
-explicitly stated otherwise in a verifiable public announcement.
+Please also note that for the Spectre-like vulnerabilities, all software can possibly be exploited, in which case
+this tool only verifies that the kernel (which is the core of the system) you're using has the proper protections
+in place. Verifying all the other software is out of the scope of this tool, as it can't be done in a simple way.
+As a general measure, ensure you always have the most up to date stable versions of all the software you use,
+especially for those who are exposed to the world, such as network daemons and browsers.

-Please also note that for Spectre vulnerabilities, all software can possibly be exploited, this tool only verifies that the
-kernel (which is the core of the system) you're using has the proper protections in place. Verifying all the other software
-is out of the scope of this tool. As a general measure, ensure you always have the most up to date stable versions of all
-the software you use, especially for those who are exposed to the world, such as network daemons and browsers.
+For more information and answers to related questions, please refer to the FAQ.md file.

 This tool has been released in the hope that it'll be useful, but don't use it to jump to conclusions about your security.

@ -167,12 +171,13 @@ opt_cpu=0
 opt_explain=0
 opt_paranoid=0
 opt_mock=0
+opt_intel_db=1

 global_critical=0
 global_unknown=0
 nrpe_vuln=''

-supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543 CVE-2023-20593'
+supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543 CVE-2023-20593 CVE-2022-40982'

 # find a sane command to print colored messages, we prefer `printf` over `echo`
 # because `printf` behavior is more standard across Linux/BSD
@ -298,6 +303,7 @@ cve2name()
 		CVE-2018-12207) echo "No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)";;
 		CVE-2020-0543) echo "Special Register Buffer Data Sampling (SRBDS)";;
 		CVE-2023-20593) echo "Zenbleed, cross-process information leak";;
+		CVE-2022-40982) echo "Downfall, gather data sampling (GDS)";;
 		*) echo "$0: error: invalid CVE '$1' passed to cve2name()" >&2; exit 255;;
 	esac
 }
@ -323,6 +329,7 @@ _is_cpu_affected_cached()
 		CVE-2018-12207) return $variant_itlbmh;;
 		CVE-2020-0543) return $variant_srbds;;
 		CVE-2023-20593) return $variant_zenbleed;;
+		CVE-2022-40982) return $variant_downfall;;
 		*) echo "$0: error: invalid variant '$1' passed to is_cpu_affected()" >&2; exit 255;;
 	esac
 }
@ -334,6 +341,44 @@ is_cpu_affected()
 	# (note that in shell, a return of 0 is success)
 	# by default, everything is affected, we work in a "whitelist" logic here.
 	# usage: is_cpu_affected CVE-xxxx-yyyy && do something if affected
+
+	# if CPU is Intel and is in our dump of the Intel official affected CPUs page, use it:
+	if is_intel; then
+		cpuid_hex=$(printf "0x%08X" $(( cpu_cpuid )) )
+		if [ "${intel_line:-}" = "no" ]; then
+			_debug "is_cpu_affected: $cpuid_hex not in Intel database (cached)"
+		elif [ -z "$intel_line" ]; then
+			intel_line=$(read_inteldb | grep -F "$cpuid_hex," | head -n1)
+			if [ -z "$intel_line" ]; then
+				intel_line=no
+				_debug "is_cpu_affected: $cpuid_hex not in Intel database"
+			fi
+		fi
+		if [ "$intel_line" != "no" ]; then
+			_result=$(echo "$intel_line" | grep -Eo ,"$(echo "$1" | cut -c5-)"'=[^,]+' | cut -d= -f2)
+			_debug "is_cpu_affected: inteldb for $1 says '$_result'"
+
+			# handle special case for Foreshadow SGX (CVE-2018-3615):
+			# even if we are affected to L1TF (CVE-2018-3620/CVE-2018-3646), if there's no SGX on our CPU,
+			# then we're not affected to the original Foreshadow.
+			if [ "$1" = "CVE-2018-3615" ] && [ "$cpuid_sgx" = 0 ]; then
+				# not affected
+				return 1
+			fi
+			# /special case
+
+			if [ "$_result" = "N" ]; then
+				# not affected
+				return 1
+			elif [ -n "$_result" ]; then
+				# non-empty string != N means affected
+				return 0
+			fi
+		fi
+	fi
+
+	# Otherwise, do it ourselves
+
 	if [ "$is_cpu_affected_cached" = 1 ]; then
 		_is_cpu_affected_cached "$1"
 		return $?
@ -352,8 +397,10 @@ is_cpu_affected()
 	variant_taa=''
 	variant_itlbmh=''
 	variant_srbds=''
-	# Zenbleed if extremely AMD specific, look for "is_and" below:
+	# Zenbleed is AMD specific, look for "is_amd" below:
 	variant_zenbleed=immune
+	# Downfall is Intel specific, look for "is_intel" below:
+	variant_downfall=immune

 	if is_cpu_mds_free; then
 		[ -z "$variant_msbds" ] && variant_msbds=immune
@ -461,6 +508,39 @@ is_cpu_affected()
 			_debug "is_cpu_affected: intel family < 6 is immune to l1tf"
 			[ -z "$variantl1tf" ] && variantl1tf=immune
 		fi
+		# Downfall
+		if [ "$capabilities_gds_no" = 1 ]; then
+			# capability bit for future Intel processors that will explicitly state
+			# that they're unaffected by GDS. Also set by hypervisors on virtual CPUs
+			# so that the guest kernel doesn't try to mitigate GDS when it's already mitigated on the host
+			_debug "is_cpu_affected: downfall: not affected (GDS_NO)"
+		elif [ "$cpu_family" = 6 ]; then
+			# list from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64094e7e3118aff4b0be8ff713c242303e139834
+			set -u
+			if [ "$cpu_model" = "$INTEL_FAM6_SKYLAKE_X" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_KABYLAKE_L" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_KABYLAKE" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_ICELAKE_L" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_ICELAKE_D" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_ICELAKE_X" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_COMETLAKE" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_COMETLAKE_L" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_TIGERLAKE_L" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_TIGERLAKE" ] || \
+				[ "$cpu_model" = "$INTEL_FAM6_ROCKETLAKE" ]; then
+				_debug "is_cpu_affected: downfall: affected"
+				variant_downfall=vuln
+			elif [ "$has_avx2" = 0 ] && [ "$has_avx512" = 0 ]; then
+				_debug "is_cpu_affected: downfall: no avx; immune"
+			else
+				# old Intel CPU (not in their DB), not listed as being affected by the Linux kernel,
+				# but with AVX2 or AVX512: unclear for now
+				_debug "is_cpu_affected: downfall: unclear, defaulting to non-affected for now"
+			fi
+			set +u
+		fi
+
+
 	elif is_amd || is_hygon; then
 		# AMD revised their statement about variant2 => affected
 		# https://www.amd.com/en/corporate/speculative-execution
@ -622,20 +702,21 @@ is_cpu_affected()
 	fi

 	_debug "is_cpu_affected: temp results are <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4> <$variantl1tf>"
-	[ "$variant1"       = "immune" ] && variant1=1       || variant1=0
-	[ "$variant2"       = "immune" ] && variant2=1       || variant2=0
-	[ "$variant3"       = "immune" ] && variant3=1       || variant3=0
-	[ "$variant3a"      = "immune" ] && variant3a=1      || variant3a=0
-	[ "$variant4"       = "immune" ] && variant4=1       || variant4=0
-	[ "$variantl1tf"    = "immune" ] && variantl1tf=1    || variantl1tf=0
-	[ "$variant_msbds"  = "immune" ] && variant_msbds=1  || variant_msbds=0
-	[ "$variant_mfbds"  = "immune" ] && variant_mfbds=1  || variant_mfbds=0
-	[ "$variant_mlpds"  = "immune" ] && variant_mlpds=1  || variant_mlpds=0
-	[ "$variant_mdsum"  = "immune" ] && variant_mdsum=1  || variant_mdsum=0
-	[ "$variant_taa"    = "immune" ] && variant_taa=1    || variant_taa=0
-	[ "$variant_itlbmh" = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0
-	[ "$variant_srbds" = "immune" ] && variant_srbds=1 || variant_srbds=0
+	[ "$variant1"         = "immune" ] && variant1=1       || variant1=0
+	[ "$variant2"         = "immune" ] && variant2=1       || variant2=0
+	[ "$variant3"         = "immune" ] && variant3=1       || variant3=0
+	[ "$variant3a"        = "immune" ] && variant3a=1      || variant3a=0
+	[ "$variant4"         = "immune" ] && variant4=1       || variant4=0
+	[ "$variantl1tf"      = "immune" ] && variantl1tf=1    || variantl1tf=0
+	[ "$variant_msbds"    = "immune" ] && variant_msbds=1  || variant_msbds=0
+	[ "$variant_mfbds"    = "immune" ] && variant_mfbds=1  || variant_mfbds=0
+	[ "$variant_mlpds"    = "immune" ] && variant_mlpds=1  || variant_mlpds=0
+	[ "$variant_mdsum"    = "immune" ] && variant_mdsum=1  || variant_mdsum=0
+	[ "$variant_taa"      = "immune" ] && variant_taa=1    || variant_taa=0
+	[ "$variant_itlbmh"   = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0
+	[ "$variant_srbds"    = "immune" ] && variant_srbds=1 || variant_srbds=0
 	[ "$variant_zenbleed" = "immune" ] && variant_zenbleed=1 || variant_zenbleed=0
+	[ "$variant_downfall" = "immune" ] && variant_downfall=1 || variant_downfall=0
 	variantl1tf_sgx="$variantl1tf"
 	# even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow
 	[ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1
@ -881,6 +962,29 @@ fms2cpuid()
 	echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) ))
 }

+download_file()
+{
+	_url="$1"
+	_file="$2"
+	if command -v wget >/dev/null 2>&1; then
+		wget -q "$_url" -O "$_file"; ret=$?
+	elif command -v curl >/dev/null 2>&1; then
+		curl -sL "$_url" -o "$_file"; ret=$?
+	elif command -v fetch >/dev/null 2>&1; then
+		fetch -q "$_url" -o "$_file"; ret=$?
+	else
+		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
+		unset _file _url
+		return 1
+	fi
+	unset _file _url
+	if [ "$ret" != 0 ]; then
+		echo ERROR "error $ret"
+		return $ret
+	fi
+	echo DONE
+}
+
 [ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
 mcedb_cache="$HOME/.mcedb"
 update_fwdb()
@ -897,42 +1001,14 @@ update_fwdb()
 	mcedb_tmp="$(mktemp -t smc-mcedb-XXXXXX)"
 	mcedb_url='https://github.com/platomav/MCExtractor/raw/master/MCE.db'
 	_info_nol "Fetching MCE.db from the MCExtractor project... "
-	if command -v wget >/dev/null 2>&1; then
-		wget -q "$mcedb_url" -O "$mcedb_tmp"; ret=$?
-	elif command -v curl >/dev/null 2>&1; then
-		curl -sL "$mcedb_url" -o "$mcedb_tmp"; ret=$?
-	elif command -v fetch >/dev/null 2>&1; then
-		fetch -q "$mcedb_url" -o "$mcedb_tmp"; ret=$?
-	else
-		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
-		return 1
-	fi
-	if [ "$ret" != 0 ]; then
-		echo ERROR "error $ret while downloading MCE.db"
-		return $ret
-	fi
-	echo DONE
+	download_file "$mcedb_url" "$mcedb_tmp" || return $?

 	# second, get the Intel firmwares from GitHub
 	intel_tmp="$(mktemp -d -t smc-intelfw-XXXXXX)"
 	intel_url="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip"
 	_info_nol "Fetching Intel firmwares... "
 	## https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git
-	if command -v wget >/dev/null 2>&1; then
-		wget -q "$intel_url" -O "$intel_tmp/fw.zip"; ret=$?
-	elif command -v curl >/dev/null 2>&1; then
-		curl -sL "$intel_url" -o "$intel_tmp/fw.zip"; ret=$?
-	elif command -v fetch >/dev/null 2>&1; then
-		fetch -q "$intel_url" -o "$intel_tmp/fw.zip"; ret=$?
-	else
-		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
-		return 1
-	fi
-	if [ "$ret" != 0 ]; then
-		echo ERROR "error $ret while downloading Intel firmwares"
-		return $ret
-	fi
-	echo DONE
+	download_file "$intel_url" "$intel_tmp/fw.zip" || return $?

 	# now extract MCEdb contents using sqlite
 	_info_nol "Extracting MCEdb data... "
@ -1001,23 +1077,9 @@ update_fwdb()

 	# now parse the most recent linux-firmware amd-ucode README file
 	_info_nol "Fetching latest amd-ucode README from linux-firmware project... "
-	linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README"
+	linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/README"
 	linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX)
-	if command -v wget >/dev/null 2>&1; then
-		wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$?
-	elif command -v curl >/dev/null 2>&1; then
-		curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
-	elif command -v fetch >/dev/null 2>&1; then
-		fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
-	else
-		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
-		return 1
-	fi
-	if [ "$ret" != 0 ]; then
-		echo ERROR "error $ret while downloading linux-firmware README"
-		return $ret
-	fi
-	echo DONE
+	download_file "$linuxfw_url" "$linuxfw_tmp" || return $?

 	_info_nol "Parsing the README... "
 	nbfound=0
@ -1042,6 +1104,10 @@ update_fwdb()
 	unset nbfound

 	dbversion="$mcedb_revision+i$_intel_latest_date"
+	linuxfw_hash=$(md5sum "$linuxfw_tmp" 2>/dev/null | cut -c1-4)
+	if [ -n "$linuxfw_hash" ]; then
+		dbversion="$dbversion+$linuxfw_hash"
+	fi

 	if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
 		echo "We already have this version locally, no update needed"
@ -1143,6 +1209,9 @@ while [ -n "${1:-}" ]; do
 	elif [ "$1" = "--allow-msr-write" ]; then
 		opt_allow_msr_write=1
 		shift
+	elif [ "$1" = "--no-intel-db" ]; then
+		opt_intel_db=0
+		shift
 	elif [ "$1" = "--cpu" ]; then
 		opt_cpu=$2
 		if [ "$opt_cpu" != all ]; then
@ -1222,7 +1291,7 @@ while [ -n "${1:-}" ]; do
 		fi
 		case "$2" in
 			help)	echo "The following parameters are supported for --variant (can be used multiple times):";
-					echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed";
+					echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed, downfall";
 					exit 0;;
 			1)			opt_cve_list="$opt_cve_list CVE-2017-5753"; opt_cve_all=0;;
 			2)			opt_cve_list="$opt_cve_list CVE-2017-5715"; opt_cve_all=0;;
@ -1238,6 +1307,7 @@ while [ -n "${1:-}" ]; do
 			mcepsc)		opt_cve_list="$opt_cve_list CVE-2018-12207"; opt_cve_all=0;;
 			srbds)		opt_cve_list="$opt_cve_list CVE-2020-0543"; opt_cve_all=0;;
 			zenbleed)	opt_cve_list="$opt_cve_list CVE-2023-20593"; opt_cve_all=0;;
+			downfall)   opt_cve_list="$opt_cve_list CVE-2022-40982"; opt_cve_all=0;;
 			*)
 				echo "$0: error: invalid parameter '$2' for --variant, see --variant help for a list" >&2;
 				exit 255
@ -1331,6 +1401,7 @@ pvulnstatus()
 			CVE-2018-12207) aka="ITLBMH";;
 			CVE-2020-0543) aka="SRBDS";;
 			CVE-2023-20593) aka="ZENBLEED";;
+			CVE-2022-40982) aka="DOWNFALL";;
 			*) echo "$0: error: invalid CVE '$1' passed to pvulnstatus()" >&2; exit 255;;
 		esac

@ -1755,7 +1826,11 @@ parse_cpu_details()
 	fi
 	max_core_id=$(( number_of_cores - 1 ))

+	has_avx2=0
+	has_avx512=0
 	if [ -e "$procfs/cpuinfo" ]; then
+		if grep -qw avx2 "$procfs/cpuinfo" 2>/dev/null; then has_avx2=1; fi
+		if grep -qw avx512 "$procfs/cpuinfo" 2>/dev/null; then has_avx512=1; fi
 		cpu_vendor=$(  grep '^vendor_id'  "$procfs/cpuinfo" | awk '{print $3}' | head -1)
 		cpu_friendly_name=$(grep '^model name' "$procfs/cpuinfo" | cut -d: -f2- | head -1 | sed -e 's/^ *//')
 		# special case for ARM follows
@ -1835,7 +1910,9 @@ parse_cpu_details()
 	if read_cpuid 0x1 0x0 $EAX 0 0xFFFFFFFF; then
 		cpu_cpuid="$read_cpuid_value"
 	else
-		cpu_cpuid=0
+		# try to build it by ourselves
+		_debug "parse_cpu_details: build the CPUID by ourselves"
+		cpu_cpuid=$(fms2cpuid "$cpu_family" "$cpu_model" "$cpu_stepping")
 	fi

 	# under BSD, linprocfs often doesn't export ucode information, so fetch it ourselves the good old way
@ -1943,18 +2020,21 @@ parse_cpu_details()
 }
 is_hygon()
 {
+	parse_cpu_details
 	[ "$cpu_vendor" = HygonGenuine ] && return 0
 	return 1
 }

 is_amd()
 {
+	parse_cpu_details
 	[ "$cpu_vendor" = AuthenticAMD ] && return 0
 	return 1
 }

 is_intel()
 {
+	parse_cpu_details
 	[ "$cpu_vendor" = GenuineIntel ] && return 0
 	return 1
 }
@ -2213,6 +2293,14 @@ read_mcedb()
 	awk '{ if (DELIM==1) { print $2 } } /^# %%% MCEDB / { DELIM=1 }' "$mcedb_source"
 }

+read_inteldb()
+{
+	if [ "$opt_intel_db" = 1 ]; then
+		awk '/^# %%% ENDOFINTELDB/ { exit } { if (DELIM==1) { print $2 } } /^# %%% INTELDB/ { DELIM=1 }' "$0"
+	fi
+	# otherwise don't output nothing, it'll be as if the database is empty
+}
+
 is_latest_known_ucode()
 {
 	# 0: yes, 1: no, 2: unknown
@ -3229,6 +3317,8 @@ check_cpu()
 		capabilities_ssb_no=-1
 		capabilities_pschange_msc_no=-1
 		capabilities_tsx_ctrl_msr=-1
+		capabilities_gds_ctrl=-1
+		capabilities_gds_no=-1
 		if [ "$cpuid_arch_capabilities" = -1 ]; then
 			pstatus yellow UNKNOWN
 		elif [ "$cpuid_arch_capabilities" != 1 ]; then
@ -3241,6 +3331,8 @@ check_cpu()
 			capabilities_ssb_no=0
 			capabilities_pschange_msc_no=0
 			capabilities_tsx_ctrl_msr=0
+			capabilities_gds_ctrl=0
+			capabilities_gds_no=0
 			pstatus yellow NO
 		else
 			# the new MSR 'ARCH_CAPABILITIES' is at offset 0x10a
@ -3254,19 +3346,23 @@ check_cpu()
 			capabilities_ssb_no=0
 			capabilities_pschange_msc_no=0
 			capabilities_tsx_ctrl_msr=0
+			capabilities_gds_ctrl=0
+			capabilities_gds_no=0
 			if [ $ret = $READ_MSR_RET_OK ]; then
 				capabilities=$read_msr_value
 				# https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/include/asm/msr-index.h#n82
 				_debug "capabilities MSR is $capabilities (decimal)"
-				[ $(( capabilities >> 0 & 1 )) -eq 1 ] && capabilities_rdcl_no=1
-				[ $(( capabilities >> 1 & 1 )) -eq 1 ] && capabilities_ibrs_all=1
-				[ $(( capabilities >> 2 & 1 )) -eq 1 ] && capabilities_rsba=1
-				[ $(( capabilities >> 3 & 1 )) -eq 1 ] && capabilities_l1dflush_no=1
-				[ $(( capabilities >> 4 & 1 )) -eq 1 ] && capabilities_ssb_no=1
-				[ $(( capabilities >> 5 & 1 )) -eq 1 ] && capabilities_mds_no=1
-				[ $(( capabilities >> 6 & 1 )) -eq 1 ] && capabilities_pschange_msc_no=1
-				[ $(( capabilities >> 7 & 1 )) -eq 1 ] && capabilities_tsx_ctrl_msr=1
-				[ $(( capabilities >> 8 & 1 )) -eq 1 ] && capabilities_taa_no=1
+				[ $(( capabilities >>  0 & 1 )) -eq 1 ] && capabilities_rdcl_no=1
+				[ $(( capabilities >>  1 & 1 )) -eq 1 ] && capabilities_ibrs_all=1
+				[ $(( capabilities >>  2 & 1 )) -eq 1 ] && capabilities_rsba=1
+				[ $(( capabilities >>  3 & 1 )) -eq 1 ] && capabilities_l1dflush_no=1
+				[ $(( capabilities >>  4 & 1 )) -eq 1 ] && capabilities_ssb_no=1
+				[ $(( capabilities >>  5 & 1 )) -eq 1 ] && capabilities_mds_no=1
+				[ $(( capabilities >>  6 & 1 )) -eq 1 ] && capabilities_pschange_msc_no=1
+				[ $(( capabilities >>  7 & 1 )) -eq 1 ] && capabilities_tsx_ctrl_msr=1
+				[ $(( capabilities >>  8 & 1 )) -eq 1 ] && capabilities_taa_no=1
+				[ $(( capabilities >> 25 & 1 )) -eq 1 ] && capabilities_gds_ctrl=1
+				[ $(( capabilities >> 26 & 1 )) -eq 1 ] && capabilities_gds_no=1
 				_debug "capabilities says rdcl_no=$capabilities_rdcl_no ibrs_all=$capabilities_ibrs_all rsba=$capabilities_rsba l1dflush_no=$capabilities_l1dflush_no ssb_no=$capabilities_ssb_no mds_no=$capabilities_mds_no taa_no=$capabilities_taa_no pschange_msc_no=$capabilities_pschange_msc_no"
 				if [ "$capabilities_ibrs_all" = 1 ]; then
 					pstatus green YES
@ -3378,6 +3474,55 @@ check_cpu()
 				pstatus yellow UNKNOWN "couldn't read MSR"
 			fi
 		fi
+
+		_info_nol "  * CPU explicitly indicates being affected by GDS and having mitigation control (GDS_CTRL): "
+		if [ "$capabilities_gds_ctrl" = -1 ]; then
+			pstatus yellow UNKNOWN "couldn't read MSR"
+		elif [ "$capabilities_gds_ctrl" = 1 ]; then
+			pstatus green YES
+		else
+			pstatus blue NO
+		fi
+
+		mcu_opt_ctrl_gds_mitg_dis=-1
+		mcu_opt_ctrl_gds_mitg_lock=-1
+		if [ "$capabilities_gds_ctrl" = 1 ]; then
+			# read the IA32_MCU_OPT_CTRL MSR
+			read_msr 0x123; ret=$?
+			if [ "$ret" = $READ_MSR_RET_OK ]; then
+				mcu_opt_ctrl=$read_msr_value
+				mcu_opt_ctrl_gds_mitg_dis=$((  mcu_opt_ctrl >> 4 & 1 ))
+				mcu_opt_ctrl_gds_mitg_lock=$(( mcu_opt_ctrl >> 5 & 1 ))
+			fi
+
+			_info_nol "    * GDS microcode mitigation is disabled (GDS_MITG_DIS): "
+			if [ "$mcu_opt_ctrl_gds_mitg_dis" = -1 ]; then
+				pstatus yellow UNKNOWN "couldn't read MSR"
+			elif [ "$mcu_opt_ctrl_gds_mitg_dis" = 1 ]; then
+				pstatus yellow YES
+			else
+				pstatus green NO
+			fi
+
+			_info_nol "    * GDS microcode mitigation is locked in enabled state (GDS_MITG_LOCK): "
+			if [ "$mcu_opt_ctrl_gds_mitg_lock" = -1 ]; then
+				pstatus yellow UNKNOWN "couldn't read MSR"
+			elif [ "$mcu_opt_ctrl_gds_mitg_lock" = 1 ]; then
+				pstatus blue YES
+			else
+				pstatus blue NO
+			fi
+		fi
+
+		_info_nol "  * CPU explicitly indicates not being affected by GDS (GDS_NO): "
+		if [ "$capabilities_gds_no" = -1 ]; then
+			pstatus yellow UNKNOWN "couldn't read MSR"
+		elif [ "$capabilities_gds_no" = 1 ]; then
+			pstatus green YES
+		else
+			pstatus yellow NO
+		fi
+
 	fi

 	_info_nol "  * CPU supports Transactional Synchronization Extensions (TSX): "
@ -5821,8 +5966,8 @@ check_CVE_2020_0543_linux()
 	sys_interface_available=0
 	msg=''
 	if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/srbds"; then
-				# this kernel has the /sys interface, trust it over everything
-				sys_interface_available=1
+		# this kernel has the /sys interface, trust it over everything
+		sys_interface_available=1
 	fi
 	if [ "$opt_sysfs_only" != 1 ]; then
 		_info_nol "* SRBDS mitigation control is supported by the kernel: "
@ -6045,6 +6190,92 @@ check_CVE_2023_20593_linux()
 	fi
 }

+#########################
+# Downfall section
+
+check_CVE_2022_40982() {
+	cve='CVE-2022-40982'
+	_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
+	if [ "$os" = Linux ]
+	then
+		check_CVE_2022_40982_linux
+	else
+		_warn "Unsupported OS ($os)."
+	fi
+}
+
+check_CVE_2022_40982_linux() {
+	status=UNK
+	sys_interface_available=0
+	msg=''
+
+	if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/gather_data_sampling"; then
+		# this kernel has the /sys interface, trust it over everything
+		sys_interface_available=1
+	fi
+
+	if [ "$opt_sysfs_only" != 1 ]; then
+		_info_nol "* GDS is mitigated by microcode: "
+		if [ "$capabilities_gds_ctrl" = 1 ] && [ "$mcu_opt_ctrl_gds_mitg_dis" = 0 ]; then
+			pstatus green OK "microcode mitigation is supported and enabled"
+		else
+			pstatus yellow NO
+		fi
+		_info_nol "* Kernel supports software mitigation by disabling AVX: "
+		if [ -n "$kernel_err" ]; then	
+			kernel_gds_err="$kernel_err"
+		elif grep -q 'gather_data_sampling' "$kernel"; then
+			kernel_gds="found gather_data_sampling in kernel image"
+		fi
+		if [ -n "$kernel_gds" ]; then
+			pstatus green YES "$kernel_gds"
+		elif [ -n "$kernel_gds_err" ]; then
+			pstatus yellow UNKNOWN "$kernel_gds_err"
+		else
+			pstatus yellow NO
+		fi
+
+		if [ -n "$kernel_gds" ]; then
+			_info_nol "* Is the kernel mitigation active: "
+
+			# Check dmesg message to see whether AVX has been disabled
+			dmesg_grep 'Microcode update needed! Disabling AVX as mitigation'; ret=$?
+			if [ $ret -eq 2 ]; then
+				pstatus yellow UNKNOWN "dmesg truncated, AVX mitigation detection will be unreliable. Please reboot and relaunch this script"
+			elif [ $ret -eq 0 ]; then
+				kernel_avx_disabled="AVX disabled by the kernel"
+				pstatus green YES "$kernel_avx_disabled"
+			else
+				pstatus red NO "No trace of AVX mitigation in dmesg"
+			fi
+		fi
+
+	elif [ "$sys_interface_available" = 0 ]; then
+		# we have no sysfs but were asked to use it only!
+		msg="/sys vulnerability interface use forced, but it's not available!"
+		status=UNK
+	fi
+
+	if ! is_cpu_affected "$cve" ; then
+		# override status & msg in case CPU is not vulnerable after all
+		pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+	elif [ -z "$msg" ]; then
+		# if msg is empty, sysfs check didn't fill it, rely on our own test
+		if [ "$capabilities_gds_ctrl" = 1 ] && [ "$mcu_opt_ctrl_gds_mitg_dis" = 0 ]; then
+			pvulnstatus $cve OK "Your microcode is up to date and mitigation is enabled"
+		elif [ "$capabilities_gds_ctrl" = 1 ] && [ "$mcu_opt_ctrl_gds_mitg_dis" = 1 ]; then
+			pvulnstatus $cve VULN "Your microcode is up to date but mitigation is disabled"
+		elif [ -z "$kernel_gds" ]; then
+			pvulnstatus $cve VULN "Your microcode doesn't mitigate the vulnerability, and your kernel doesn't support mitigation"
+		elif [ -z "$kernel_avx_disabled" ]; then
+			pvulnstatus $cve VULN "Your microcode doesn't mitigate the vulnerability, your kernel support the mitigation but the script did not detect AVX as disabled by the kernel"
+		else
+			pvulnstatus $cve OK "Your microcode doesn't mitigate the vulnerability, but your kernel has disabled AVX support"
+		fi
+	else
+		pvulnstatus $cve "$status" "$msg"
+	fi
+}

 #######################
 # END OF VULNS SECTIONS
@ -6134,11 +6365,134 @@ fi
 [ "$global_unknown"  = 1 ] && exit 3  # unknown
 exit 0  # ok

-# We're using MCE.db from the excellent platomav's MCExtractor project
-# The builtin version follows, but the user can download an up-to-date copy (to be stored in his $HOME) by using --update-fwdb
-# To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb
+# Dump from Intel affected CPU page:
+# - https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
+# Only currently-supported CPUs are listed, so only rely on it if the current CPU happens to be in the list.
+# We merge it with info from the following file:
+# - https://software.intel.com/content/dam/www/public/us/en/documents/affected-processors-transient-execution-attacks-by-cpu-aug02.xlsx
+# As it contains some information from older processors, however when information is contradictory between the two sources, the HTML takes precedence as
+# it is expected to be updated, whereas the xslx seems to be frozen.
+#
+# N: Not affected
+# S: Affected, software fix
+# H: Affected, hardware fix
+# M: Affected, MCU update needed
+# B: Affected, BIOS update needed
+# X: Affected, no planned mitigation
+# Y: Affected (this is from the xlsx, no details are available)
+#
+# %%% INTELDB
+# 0x000206A7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
+# 0x000206D6,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
+# 0x000206D7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
+# 0x00030673,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x00030678,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x00030679,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000306A9,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
+# 0x000306C3,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
+# 0x000306D4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=Y,
+# 0x000306E4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
+# 0x000306E7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
+# 0x000306F2,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000306F4,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
+# 0x00040651,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
+# 0x00040661,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
+# 0x00040671,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=Y,
+# 0x000406A0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000406C3,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000406C4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000406D8,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000406E3,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,
+# 0x000406F1,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
+# 0x00050653,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=M,
+# 0x00050654,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=M,
+# 0x00050656,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=N,2022-40982=M,
+# 0x00050657,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=N,2022-40982=M,
+# 0x0005065A,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x0005065B,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x00050662,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=N,
+# 0x00050663,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
+# 0x00050664,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
+# 0x00050665,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
+# 0x000506A0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000506C9,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000506CA,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000506D0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000506E3,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=N,
+# 0x000506F1,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00060650,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000606A0,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000606A4,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000606A5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000606A6,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000606C1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000606E1,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x0007065A,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000706A1,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000706A8,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000706E5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x00080660,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x00080664,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00080665,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00080667,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000806A0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000806A1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000806C0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000806C1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000806C2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000806D0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000806D1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000806E9,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=M,2022-40982=M,
+# 0x000806EA,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000806EB,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000806EC,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000806F7,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000806F8,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090660,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090661,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090670,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090672,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090673,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090674,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x00090675,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000906A0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000906A2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000906A3,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000906A4,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000906C0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000906E9,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000906EA,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000906EB,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000906EC,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000906ED,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
+# 0x000A0650,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0651,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0652,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0653,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0655,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0660,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0661,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0670,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
+# 0x000A0680,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=Y,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=Y,2018-3646=N,2019-11135=N,2020-0543=N,
+# 0x000B0671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000B06A2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000B06A3,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000B06F2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# 0x000B06F5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
+# %%% ENDOFINTELDB

-# %%% MCEDB v271+i20230614
+# We're using MCE.db from the excellent platomav's MCExtractor project
+# The builtin version follows, but the user can download an up-to-date copy (to be stored in their $HOME) by using --update-fwdb
+# To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb
+#
+# The format below is:
+# X,CPUID_HEX,MICROCODE_VERSION_HEX,YYYYMMDD
+# with X being either I for Intel, or A for AMD
+# When the date is unknown it defaults to 20000101
+
+# %%% MCEDB v273+i20230808+b6bd
 # I,0x00000611,0x00000B27,19961218
 # I,0x00000612,0x000000C6,19961210
 # I,0x00000616,0x000000C6,19961210
@ -6370,13 +6724,13 @@ exit 0  # ok
 # I,0x00050650,0x8000002B,20160208
 # I,0x00050651,0x8000002B,20160208
 # I,0x00050652,0x80000037,20170502
-# I,0x00050653,0x01000171,20221221
-# I,0x00050654,0x02006F05,20221221
+# I,0x00050653,0x01000181,20230323
+# I,0x00050654,0x02007006,20230306
 # I,0x00050655,0x03000010,20181116
-# I,0x00050656,0x04003501,20221221
-# I,0x00050657,0x05003501,20221221
+# I,0x00050656,0x04003604,20230317
+# I,0x00050657,0x05003604,20230317
 # I,0x0005065A,0x86002302,20210416
-# I,0x0005065B,0x07002601,20221221
+# I,0x0005065B,0x07002703,20230321
 # I,0x00050661,0xF1000008,20150130
 # I,0x00050662,0x0000001C,20190617
 # I,0x00050663,0x0700001C,20210612
@ -6405,7 +6759,7 @@ exit 0  # ok
 # I,0x000606A0,0x80000031,20200308
 # I,0x000606A4,0x0B000280,20200817
 # I,0x000606A5,0x0C0002F0,20210308
-# I,0x000606A6,0x0D000390,20221228
+# I,0x000606A6,0x0D0003A5,20230330
 # I,0x000606C0,0xFD000220,20210629
 # I,0x000606C1,0x01000230,20230127
 # I,0x000606E0,0x0000000B,20161104
@ -6418,7 +6772,7 @@ exit 0  # ok
 # I,0x000706E2,0x00000042,20190420
 # I,0x000706E3,0x81000008,20181002
 # I,0x000706E4,0x00000046,20190905
-# I,0x000706E5,0x000000BA,20221225
+# I,0x000706E5,0x000000BC,20230226
 # I,0x00080650,0x00000018,20180108
 # I,0x00080664,0x4C000021,20220815
 # I,0x00080665,0x4C000021,20220815
@ -6426,56 +6780,56 @@ exit 0  # ok
 # I,0x000806A0,0x00000010,20190507
 # I,0x000806A1,0x00000033,20230113
 # I,0x000806C0,0x00000068,20200402
-# I,0x000806C1,0x000000AA,20221228
-# I,0x000806C2,0x0000002A,20221228
+# I,0x000806C1,0x000000AC,20230227
+# I,0x000806C2,0x0000002C,20230227
 # I,0x000806D0,0x00000050,20201217
-# I,0x000806D1,0x00000044,20221228
-# I,0x000806E9,0x000000F2,20230102
-# I,0x000806EA,0x000000F2,20221226
-# I,0x000806EB,0x000000F2,20221226
-# I,0x000806EC,0x000000F6,20221226
+# I,0x000806D1,0x00000046,20230227
+# I,0x000806E9,0x000000F4,20230223
+# I,0x000806EA,0x000000F4,20230223
+# I,0x000806EB,0x000000F4,20230223
+# I,0x000806EC,0x000000F8,20230226
 # I,0x000806F3,0x8D000520,20220812
-# I,0x000806F4,0x2B000461,20230313
-# I,0x000806F5,0x2B000461,20230313
-# I,0x000806F6,0x2B000461,20230313
-# I,0x000806F7,0x2B000461,20230313
-# I,0x000806F8,0x2B000461,20230313
+# I,0x000806F4,0x2C000271,20230515
+# I,0x000806F5,0x2C000271,20230515
+# I,0x000806F6,0x2C000271,20230515
+# I,0x000806F7,0x2B0004B1,20230509
+# I,0x000806F8,0x2C000271,20230515
 # I,0x00090660,0x00000009,20200617
 # I,0x00090661,0x00000017,20220715
 # I,0x00090670,0x00000019,20201111
 # I,0x00090671,0x0000001C,20210614
-# I,0x00090672,0x0000002C,20230104
+# I,0x00090672,0x0000002E,20230418
 # I,0x00090674,0x00000219,20210425
-# I,0x00090675,0x0000002C,20230104
+# I,0x00090675,0x0000002E,20230418
 # I,0x000906A0,0x0000001C,20210614
 # I,0x000906A1,0x0000011F,20211104
 # I,0x000906A2,0x00000315,20220102
-# I,0x000906A3,0x0000042A,20230214
-# I,0x000906A4,0x0000042A,20230214
+# I,0x000906A3,0x0000042C,20230418
+# I,0x000906A4,0x0000042C,20230418
 # I,0x000906C0,0x24000024,20220902
-# I,0x000906E9,0x000000F2,20221226
-# I,0x000906EA,0x000000F2,20230112
-# I,0x000906EB,0x000000F2,20221226
-# I,0x000906EC,0x000000F2,20230112
-# I,0x000906ED,0x000000F8,20230205
+# I,0x000906E9,0x000000F4,20230223
+# I,0x000906EA,0x000000F4,20230223
+# I,0x000906EB,0x000000F4,20230223
+# I,0x000906EC,0x000000F4,20230223
+# I,0x000906ED,0x000000FA,20230227
 # I,0x000A0650,0x000000BE,20191010
 # I,0x000A0651,0x000000C2,20191113
-# I,0x000A0652,0x000000F6,20221227
-# I,0x000A0653,0x000000F6,20230101
+# I,0x000A0652,0x000000F8,20230223
+# I,0x000A0653,0x000000F8,20230223
 # I,0x000A0654,0x000000C6,20200123
-# I,0x000A0655,0x000000F6,20221226
-# I,0x000A0660,0x000000F6,20221226
-# I,0x000A0661,0x000000F6,20221226
+# I,0x000A0655,0x000000F8,20230223
+# I,0x000A0660,0x000000F8,20230223
+# I,0x000A0661,0x000000F8,20230223
 # I,0x000A0670,0x0000002C,20201124
-# I,0x000A0671,0x00000058,20221225
+# I,0x000A0671,0x00000059,20230226
 # I,0x000A0680,0x80000002,20200121
 # I,0x000B0670,0x0000000E,20220220
-# I,0x000B0671,0x00000113,20230206
-# I,0x000B06A2,0x00004112,20230222
-# I,0x000B06A3,0x00004112,20230222
-# I,0x000B06E0,0x00000010,20221219
-# I,0x000B06F2,0x0000002C,20230104
-# I,0x000B06F5,0x0000002C,20230104
+# I,0x000B0671,0x00000119,20230606
+# I,0x000B06A2,0x00004119,20230606
+# I,0x000B06A3,0x00004119,20230606
+# I,0x000B06E0,0x00000011,20230412
+# I,0x000B06F2,0x0000002E,20230418
+# I,0x000B06F5,0x0000002E,20230418
 # I,0x000C06F1,0x21000030,20230410
 # I,0x000C06F2,0x21000030,20230410
 # A,0x00000F00,0x02000008,20070614
@ -6579,8 +6933,8 @@ exit 0  # ok
 # A,0x00A10F01,0x0A100104,20220207
 # A,0x00A10F0B,0x0A100B07,20220610
 # A,0x00A10F10,0x0A101020,20220913
-# A,0x00A10F11,0x0A101135,20230509
-# A,0x00A10F12,0x0A101235,20230509
+# A,0x00A10F11,0x0A10113E,20230620
+# A,0x00A10F12,0x0A10123E,20230620
 # A,0x00A20F00,0x0A200025,20200121
 # A,0x00A20F10,0x0A201025,20211014
 # A,0x00A20F12,0x0A20120A,20211014
@ -6592,5 +6946,5 @@ exit 0  # ok
 # A,0x00A60F11,0x0A601114,20220712
 # A,0x00A60F12,0x0A601203,20220715
 # A,0x00AA0F00,0x0AA00009,20221006
-# A,0x00AA0F01,0x0AA00112,20230510
-# A,0x00AA0F02,0x0AA0020E,20230510
+# A,0x00AA0F01,0x0AA00116,20230619
+# A,0x00AA0F02,0x0AA00212,20230619
Author	SHA1	Message	Date
Sébastien Mériot	c1c1ac4dbb	feat(downfall): detection of the kernel mitigation relying on dmesg	2023-08-10 11:14:40 +02:00
Stéphane Lesimple	ba0daa6769	feat: downfall: add kernel soft mitigation support check	2023-08-10 11:14:40 +02:00
Sébastien Mériot	227c0aab1e	feat(downfall): add downfall checks	2023-08-10 11:14:40 +02:00
Stéphane Lesimple	8ba3751cf7	fwdb: update to latest Intel ucode versions	2023-08-09 10:35:08 +02:00
Stéphane Lesimple	d013c0a7d2	doc: add kernel src as additional ucode version source	2023-08-01 10:22:15 +02:00
Stéphane Lesimple	cbe8ba10ce	fix: inteldb: cpuid 0x00090660 and 0x000A0680	2023-07-30 13:21:38 +02:00
Stéphane Lesimple	9c2587bca5	enh: when CPUID can't be read, built it by ourselves	2023-07-30 12:21:12 +02:00
Stéphane Lesimple	2a5ddc87bf	feat: add Intel known affected processors DB	2023-07-30 12:21:12 +02:00
Stéphane Lesimple	2ef6c1c80e	enh: factorize file download func	2023-07-28 20:03:16 +02:00
Stéphane Lesimple	3c224018f4	chore: update disclaimer and FAQ	2023-07-28 20:03:16 +02:00