peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-23 00:53:23 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: peter:v26.21.0401891
Branches Tags
peter:master peter:test-build peter:test peter:source-build peter:source peter:vuln-watch
peter:v26.33.0420460 peter:v26.26.0404682 peter:v26.21.0401891 peter:v0.46 peter:v0.45 peter:v0.44 peter:v0.43 peter:v0.42 peter:v0.41 peter:v0.40 peter:v0.39 peter:v0.38 peter:v0.37 peter:v0.36 peter:v0.35 peter:v0.34 peter:v0.33 peter:v0.32 peter:v0.31 peter:v0.30 peter:v0.29 peter:v0.28 peter:v0.27 peter:v0.26 peter:v0.25 peter:v0.24 peter:v0.23 peter:v0.22 peter:v0.21 peter:v0.20 peter:v0.19 peter:v0.18 peter:v0.17 peter:v0.16 peter:v0.15 peter:v0.14 peter:v0.13 peter:v0.12 peter:v0.11 peter:v0.10 peter:v0.09 peter:v0.08 peter:v0.07 peter:v0.06 peter:v0.05 peter:v0.04 peter:v0.03 peter:v0.02 peter:v0.01
..
compare: peter:151dd12e3e69621f771a7ab8835209f7d8f9eaa5
Branches Tags
peter:test-build peter:test peter:master peter:source-build peter:source peter:vuln-watch
peter:v26.33.0420460 peter:v26.26.0404682 peter:v26.21.0401891 peter:v0.46 peter:v0.45 peter:v0.44 peter:v0.43 peter:v0.42 peter:v0.41 peter:v0.40 peter:v0.39 peter:v0.38 peter:v0.37 peter:v0.36 peter:v0.35 peter:v0.34 peter:v0.33 peter:v0.32 peter:v0.31 peter:v0.30 peter:v0.29 peter:v0.28 peter:v0.27 peter:v0.26 peter:v0.25 peter:v0.24 peter:v0.23 peter:v0.22 peter:v0.21 peter:v0.20 peter:v0.19 peter:v0.18 peter:v0.17 peter:v0.16 peter:v0.15 peter:v0.14 peter:v0.13 peter:v0.12 peter:v0.11 peter:v0.10 peter:v0.09 peter:v0.08 peter:v0.07 peter:v0.06 peter:v0.05 peter:v0.04 peter:v0.03 peter:v0.02 peter:v0.01

14 Commits
v26.21.040 ... 151dd12e3e

Author SHA1 Message Date
github-actions[bot]
151dd12e3e fix: cap_rdcl_no, cap_gds_no, cap_tsa_*_no were not setting the current CPU status as immune for their respective vulns 
built from commit 278989d550
 dated 2026-04-01 00:47:41 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:48:56 +00:00
github-actions[bot]
15ea90f312 enh: draft rework of CVE-2017-5753 aka spectre v1 
built from commit 4738e8f0ad
 dated 2026-04-01 00:22:07 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:23:17 +00:00
github-actions[bot]
5fd6a20ebb chore: readme: add a second table one about impact/mitigation, rework sections 
built from commit c20369d9e3899b03280bf72893956f36844bc969
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:09:49 +00:00
github-actions[bot]
e7df6a3e30 chore: readme: add a second table one about impact/mitigation 
built from commit 4f16822bb11f5b8461647c228a7f2087d5716aea
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:05:17 +00:00
github-actions[bot]
ba24551c56 chore: readme: add a second table one about impact/mitigation 
built from commit 25a7e7089a3c14f0b2d1320995b08d9d941d8c51
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 22:02:37 +00:00
github-actions[bot]
7c2699c01a chore: readme: add a second table one about impact/mitigation 
built from commit 3e969c94e04e48f8db9dbb5603371e1180a4d32a
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:53:12 +00:00
github-actions[bot]
6663b6422e chore: readme: add a second table one about impact/mitigation 
built from commit b74adb0957c471014dce284b2b6bf8cad85edf38
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:43:28 +00:00
github-actions[bot]
fe55c70658 chore: clearer CVE table in README.md 
built from commit 9bbefb7bae40c7c240641b3f714691a76976c9c0
 dated 2026-03-31 22:57:00 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 21:01:37 +00:00
github-actions[bot]
d0822e1f9d chore: prepare for dev-build renaming to test-build 
built from commit 295324a545
 dated 2026-03-31 19:34:52 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-31 17:53:45 +00:00
github-actions[bot]
10e5b5749e chore: set VERSION when building 
built from commit efa07e7fd9
 dated 2026-03-30 23:46:13 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 22:22:20 +00:00
github-actions[bot]
4f7f83a40e chore: set VERSION when building 
built from commit 88099e12bf082112a1579e2cd37f010c29463e9d
 dated 2026-03-30 23:46:13 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:51:45 +00:00
github-actions[bot]
4bbbd71564 update dev docs and refactor CVE list in readme 
built from commit eabddf3d72
 dated 2026-03-30 23:24:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:39:55 +00:00
github-actions[bot]
c174a8b754 update dev docs and readme 
built from commit f66cb22a6d4779162909ea1ae1139c80942b1ce8
 dated 2026-03-30 23:24:18 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:28:20 +00:00
github-actions[bot]
0f36203b5f chore: adjust workflow for dev-build 
built from commit 254f8ece6de39214c5e25694b0fea8c2ddfbf511
 dated 2026-03-30 21:24:34 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
 2026-03-30 21:08:41 +00:00
2 changed files with 473 additions and 1450 deletions
Expand all files Collapse all files

73
.github/workflows/check.yml vendored Normal file
View File

@@ -0,0 +1,73 @@
name: CI
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: install prerequisites
run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool
- name: shellcheck
run: shellcheck -s sh spectre-meltdown-checker.sh
- name: check indentation
run: |
if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then
echo "Badly indented lines found:"
grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh
exit 1
else
echo "Indentation seems correct."
fi
- name: check direct execution
run: |
expected=19
nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then
echo "Invalid number of CVEs reported: $nb instead of $expected"
exit 1
else
echo "OK $nb CVEs reported"
fi
- name: check docker compose run execution
run: |
expected=19
docker compose build
nb=$(docker compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then
echo "Invalid number of CVEs reported: $nb instead of $expected"
exit 1
else
echo "OK $nb CVEs reported"
fi
- name: check docker run execution
run: |
expected=19
docker build -t spectre-meltdown-checker .
nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then
echo "Invalid number of CVEs reported: $nb instead of $expected"
exit 1
else
echo "OK $nb CVEs reported"
fi
- name: check fwdb update
run: |
nbtmp1=$(find /tmp 2>/dev/null | wc -l)
./spectre-meltdown-checker.sh --update-fwdb; ret=$?
if [ "$ret" != 0 ]; then
echo "Non-zero return value: $ret"
exit 1
fi
nbtmp2=$(find /tmp 2>/dev/null | wc -l)
if [ "$nbtmp1" != "$nbtmp2" ]; then
echo "Left temporary files!"
exit 1
fi
if ! [ -e ~/.mcedb ]; then
echo "No .mcedb file found after updating fwdb"
exit 1
fi

1850
spectre-meltdown-checker.sh
View File

File diff suppressed because it is too large Load Diff