Commit Graph

  • e844f9cff3 feat: hide CVE checks that are irrelevant for current arch test-build github-actions[bot] 2026-04-21 06:56:29 +00:00
  • 7329c1fd2f feat: hide CVE checks that are irrelevant for current arch test Stéphane Lesimple 2026-04-21 08:53:08 +02:00
  • 8a302b56e6 feat: add ARM64 silicon errata checks (issue #357) Stéphane Lesimple 2026-04-21 08:31:00 +02:00
  • 5262efbf55 fix: mmio stale data: EOL Intel CPUs may be vulnerable (#437) github-actions[bot] 2026-04-20 20:44:06 +00:00
  • 03b1787d69 fix: mmio stale data: EOL Intel CPUs may be vulnerable (#437) Stéphane Lesimple 2026-04-20 22:42:04 +02:00
  • 440424f524 doc: readme: correct markdown indentation for unordered list items (#569) github-actions[bot] 2026-04-20 16:05:45 +00:00
  • 8a417e5579 doc: readme: correct markdown indentation for unordered list items (#569) 林博仁 Buo-ren Lin 2026-04-21 00:02:47 +08:00
  • 02fa416bab doc: readme: correct markdown indentation for unordered list items (#569) master 林博仁 Buo-ren Lin 2026-04-21 00:02:47 +08:00
  • b7b0efa773 doc: add Jump Conditional Code (JCC) Erratum to the unsupported list github-actions[bot] 2026-04-20 15:49:22 +00:00
  • b7a6182a65 doc: add Jump Conditional Code (JCC) Erratum to the unsupported list Stéphane Lesimple 2026-04-20 17:47:50 +02:00
  • 1c067add59 release v26.33.0420460 (#567) v26.33.0420460 Stéphane Lesimple 2026-04-20 15:18:11 +00:00
  • fe0d3f49f4 Merge pull request #566 from speed47/test source-build github-actions[bot] 2026-04-20 11:04:05 +00:00
  • 3e2b6cc734 Merge pull request #566 from speed47/test source Stéphane Lesimple 2026-04-20 11:02:38 +00:00
  • cf156a2ee5 doc: update output formats doc + normalize json to bool github-actions[bot] 2026-04-20 10:56:59 +00:00
  • e2d110a3b5 doc: update output formats doc + normalize json to bool Stéphane Lesimple 2026-04-20 12:47:43 +02:00
  • 4eb0d04808 chore: remove from test branch workflows that must live on master github-actions[bot] 2026-04-20 10:55:20 +00:00
  • 1bb33d5cf2 chore: remove from test branch workflows that must live on master Stéphane Lesimple 2026-04-20 12:53:36 +02:00
  • 7f5256f15e chore: workflow: handle manual bootstrap vuln-watch Stéphane Lesimple 2026-04-19 17:56:46 +02:00
  • 00bb4a951c workflow: expose reconsider_age_days input + env var Stéphane Lesimple 2026-04-19 12:46:56 +00:00
  • 7a3224ad61 throttle reconsider pass by last-review age (default 7 days) Stéphane Lesimple 2026-04-19 12:17:31 +00:00
  • 31cf549c75 prompt: point classifier at authoritative scope docs + flip tocheck bias Stéphane Lesimple 2026-04-19 11:19:38 +00:00
  • b305cc48c3 reconsider prior backlog each run + recognize CVEs from context Stéphane Lesimple 2026-04-19 10:41:52 +00:00
  • 12f545dc45 extract dates from intel/amd HTML + honor WINDOW_HOURS env Stéphane Lesimple 2026-04-19 10:06:07 +00:00
  • 43d5b77885 chore: workflow: add manual model + window_hours inputs, add reconsider Stéphane Lesimple 2026-04-19 10:55:03 +00:00
  • 50845adbfb doc: CVE-2018-3665 (Lazy FP State Restore (LazyFP)), unsupported github-actions[bot] 2026-04-19 10:50:48 +00:00
  • 6732eb141b doc: CVE-2018-3665 (Lazy FP State Restore (LazyFP)), unsupported Stéphane Lesimple 2026-04-19 12:49:17 +02:00
  • 94356c4992 init: daily vulnerability watch automation Stéphane Lesimple 2026-04-19 08:25:16 +00:00
  • 78a6e4a418 chore: move cron vuln-watch workflow script files to their own branch Stéphane Lesimple 2026-04-19 09:14:21 +00:00
  • 7eaa794980 enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505) github-actions[bot] 2026-04-18 15:20:22 +00:00
  • 048ce5b6a2 enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505) Stéphane Lesimple 2026-04-18 10:56:21 +00:00
  • 5af1a9fec9 chore: workflow: add scan id Stéphane Lesimple 2026-04-18 14:23:47 +00:00
  • b93027640f chore: vuln workflow: use opus, no persist creds, conditional upload Stéphane Lesimple 2026-04-18 14:19:10 +00:00
  • 5c27284119 chore: workflow: save logs Stéphane Lesimple 2026-04-18 14:05:15 +00:00
  • f2e5999fc0 chore: explicit prompt for workflow Stéphane Lesimple 2026-04-18 13:41:03 +00:00
  • 25f20b8860 chore: fix workflow perms (#558) Stéphane Lesimple 2026-04-18 13:29:54 +00:00
  • 77e3dbd6b2 add scheduled vuln research (#557) Stéphane Lesimple 2026-04-18 13:14:13 +00:00
  • 7e5eee74ac fix: remove useless checks under ARM for CVE-2023-28746 github-actions[bot] 2026-04-10 17:51:49 +00:00
  • 48454a5344 fix: remove useless checks under ARM for CVE-2023-28746 Stéphane Lesimple 2026-04-10 19:50:15 +02:00
  • 9bef6ec533 enh: use g_mode to explicitly save/load the current running mode github-actions[bot] 2026-04-10 17:29:38 +00:00
  • e67c9e4265 enh: use g_mode to explicitly save/load the current running mode Stéphane Lesimple 2026-04-10 19:26:46 +02:00
  • f7ba617e16 enh: guard x86/arm specific checks in kernel/cpu for the proper arch Stéphane Lesimple 2026-04-10 18:37:32 +02:00
  • f587d9355e enh: guard x86/arm specific checks in kernel/cpu for the proper arch github-actions[bot] 2026-04-10 16:40:49 +00:00
  • e110706df8 enh: factorize is_arch_kernel Stéphane Lesimple 2026-04-10 18:37:14 +02:00
  • 83be8fd544 chore: fix build workflow github-actions[bot] 2026-04-08 21:02:02 +00:00
  • de853fc801 chore: fix build workflow Stéphane Lesimple 2026-04-08 23:00:40 +02:00
  • 98ec067aef enh: rework json/prom output to better split x86/arm Stéphane Lesimple 2026-04-08 22:27:30 +02:00
  • ff42393fa6 new batch mode docs, add doc/ to -build branch Stéphane Lesimple 2026-04-08 21:57:03 +02:00
  • f0fb59310e fix: add a missing pstatus to CVE-2023-20588 check Stéphane Lesimple 2026-04-08 21:42:19 +02:00
  • be0f2d20d2 fix: remove misleading explain on correctly mitigated SLS Stéphane Lesimple 2026-04-08 21:41:55 +02:00
  • 3639de9e8a chore: fix github workflow check with new --batch output Stéphane Lesimple 2026-04-08 21:41:24 +02:00
  • df3c2aeaa3 add screenshot to README Stéphane Lesimple 2026-04-08 21:32:16 +02:00
  • 945f70bb63 fix: early abort when using --allow-msr-write Stéphane Lesimple 2026-04-08 21:11:12 +02:00
  • db84fc10de chore: make fmt Stéphane Lesimple 2026-04-08 21:03:57 +02:00
  • 60ea669e41 enh: better explain the 4 run modes Stéphane Lesimple 2026-04-08 20:53:50 +02:00
  • f1c0d5548c chg: remove --no-intel-db, it's now always used when available Stéphane Lesimple 2026-04-08 20:53:35 +02:00
  • 9e617a4363 remove prometheus-legacy format Stéphane Lesimple 2026-04-08 20:53:19 +02:00
  • b9c203120b enh: --no-runtime and --no-hw modes replacing --live and implicit 'offline' mode Stéphane Lesimple 2026-04-08 20:53:00 +02:00
  • 3f7e0a11f7 enh: CVE-2018-3640 (Spectre 3a): enhance ARM mitigation detection Stéphane Lesimple 2026-04-08 20:52:22 +02:00
  • 5c469787ea enh: rework --batch nrpe entirely Stéphane Lesimple 2026-04-08 20:51:58 +02:00
  • a952fe32c4 fix: exit_cleanup: don't lose passed exit code Stéphane Lesimple 2026-04-08 20:51:36 +02:00
  • 61fa02d577 feat: rework the --batch prometheus output entirely Stéphane Lesimple 2026-04-08 20:51:12 +02:00
  • 39dea1245e feat: rework the --batch json output entirely Stéphane Lesimple 2026-04-08 20:50:54 +02:00
  • 3afbda8430 enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable Stéphane Lesimple 2026-04-06 18:58:36 +02:00
  • 6d69ce9a77 enh: read/write_msr: clearer error messages Stéphane Lesimple 2026-04-06 18:43:36 +02:00
  • 3ebfba2ac2 fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235) Stéphane Lesimple 2026-04-06 17:40:59 +02:00
  • a3f6553e65 fix: read/write msr and lockdown: fix a variable error, properly report lockdown to users Stéphane Lesimple 2026-04-06 17:40:25 +02:00
  • 42ed8efa65 fix: better compatibility under busybox, silence buggy unzlma versions (fix #432) Stéphane Lesimple 2026-04-06 17:12:21 +02:00
  • 2c766b7cc6 fix: wrmsr: specify core number (closes #294) Stéphane Lesimple 2026-04-06 17:01:17 +02:00
  • 49472f1b64 enh: clearer kernel info section at the top of the script Stéphane Lesimple 2026-04-06 15:00:00 +02:00
  • 333aa74fea enh: clearer CPU details section Stéphane Lesimple 2026-04-06 14:59:13 +02:00
  • 8d9504d174 chore: add comment about is_intel/amd/hygon recursion Stéphane Lesimple 2026-04-06 13:46:11 +02:00
  • 6043f586ef enh: update IntelDB affected CPU list to 2026-04 data, including Hybrid CPU detection Stéphane Lesimple 2026-04-06 13:43:39 +02:00
  • e1ace7c281 doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384) Stéphane Lesimple 2026-04-06 13:26:38 +02:00
  • 24ab98d757 doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409) Stéphane Lesimple 2026-04-06 13:07:20 +02:00
  • 155b3808b9 fix: CPUs affected by MSBDS but not MDS (fix #351) Stéphane Lesimple 2026-04-06 12:58:03 +02:00
  • b6a41918b0 doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list Stéphane Lesimple 2026-04-06 12:38:57 +02:00
  • 3c56ac35dd fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296) Stéphane Lesimple 2026-04-06 12:29:26 +02:00
  • b0bb1f4676 feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437) Stéphane Lesimple 2026-04-06 11:25:51 +02:00
  • 0fa7e44327 doc: add Blindside to unsupported list (#374) Stéphane Lesimple 2026-04-06 10:27:17 +02:00
  • f100b4e1dc doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported Stéphane Lesimple 2026-04-06 03:33:32 +02:00
  • 6332fc3405 fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414) Stéphane Lesimple 2026-04-06 03:23:56 +02:00
  • 3c61c7489b fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD Stéphane Lesimple 2026-04-06 03:09:18 +02:00
  • 3d01978cd4 feat: add CVE-2023-20588 (AMD DIV0 bug) (#473) Stéphane Lesimple 2026-04-06 02:40:09 +02:00
  • 53c45e3363 doc: update dev guidelines Stéphane Lesimple 2026-04-05 23:58:14 +02:00
  • acf8b585a5 doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported Stéphane Lesimple 2026-04-06 01:12:34 +02:00
  • 076a1d5723 fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) Stéphane Lesimple 2026-04-06 00:58:49 +02:00
  • ee618ead07 enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) Stéphane Lesimple 2026-04-06 00:45:09 +02:00
  • 1ff1dfbe26 fix: don't default to 0x0 ucode when unknown Stéphane Lesimple 2026-04-06 00:38:55 +02:00
  • 78e4d25319 fix: bsd: use proper MSR for AMD in ucode version read fallback Stéphane Lesimple 2026-04-06 00:38:39 +02:00
  • 24ed9ccaf6 enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) Stéphane Lesimple 2026-04-06 00:17:32 +02:00
  • a49234ed96 doc: add CVE-2021-26318 (AMD Prefetch) to unsupported list Stéphane Lesimple 2026-04-05 23:57:53 +02:00
  • 2ed15da028 feat: implement CVE-2023-28746 (RFDS, Register File Data Sampling) Stéphane Lesimple 2026-04-05 23:57:28 +02:00
  • 0fcdc6e6cc feat: add SLS (Straight-Line Speculation) check with --extra option Stéphane Lesimple 2026-04-05 23:54:12 +02:00
  • 9383287fc6 chore: delete FAQ.md from ./ in test-build (moved to doc/ in test) Stéphane Lesimple 2026-04-08 20:18:32 +00:00
  • a2823830a6 chore: create doc/ in -build branch github-actions[bot] 2026-04-08 20:10:38 +00:00
  • 6212de226a enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable github-actions[bot] 2026-04-06 17:00:15 +00:00
  • f8873048fc enh: read/write_msr: clearer error messages github-actions[bot] 2026-04-06 16:44:52 +00:00
  • 463e33d61c fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235) github-actions[bot] 2026-04-06 15:42:13 +00:00
  • 4d1af90420 fix: better compatibility under busybox, silence buggy unzlma versions (fix #432) github-actions[bot] 2026-04-06 15:14:01 +00:00
  • e8a3c7d7f5 fix: wrmsr: specify core number (closes #294) github-actions[bot] 2026-04-06 15:02:33 +00:00