spectre-meltdown-checker

Commit Graph

Select branches

Hide Pull Requests

docker

master

#1

#10

#100

#100

#101

#102

#102

#106

#107

#108

#11

#112

#116

#12

#121

#131

#136

#137

#137

#14

#14

#140

#141

#141

#142

#15

#15

#154

#16

#167

#174

#176

#176

#177

#18

#184

#187

#19

#192

#195

#199

#199

#2

#2

#200

#201

#202

#203

#204

#204

#209

#213

#213

#216

#222

#226

#227

#23

#230

#232

#232

#237

#239

#24

#242

#242

#243

#244

#245

#246

#25

#251

#252

#253

#259

#26

#262

#264

#265

#266

#268

#270

#271

#272

#276

#277

#280

#282

#285

#287

#290

#295

#299

#3

#300

#305

#306

#31

#312

#318

#319

#32

#323

#324

#325

#326

#327

#328

#33

#33

#332

#333

#334

#338

#345

#346

#352

#355

#358

#359

#361

#362

#363

#364

#365

#366

#367

#368

#37

#375

#377

#38

#380

#381

#382

#383

#386

#39

#391

#396

#397

#4

#401

#402

#403

#404

#405

#406

#407

#408

#41

#415

#417

#418

#418

#42

#421

#422

#423

#424

#425

#426

#427

#431

#434

#434

#435

#435

#44

#47

#48

#5

#50

#51

#53

#54

#55

#60

#61

#63

#63

#7

#71

#72

#73

#75

#75

#76

#76

#77

#79

#8

#80

#84

#85

#9

#9

#93

#93

v0.01

v0.02

v0.03

v0.04

v0.05

v0.06

v0.07

v0.08

v0.09

v0.10

v0.11

v0.12

v0.13

v0.14

v0.15

v0.16

v0.17

v0.18

v0.19

v0.20

v0.21

v0.22

v0.23

v0.24

v0.25

v0.26

v0.27

v0.28

v0.29

v0.30

v0.31

v0.32

v0.33

v0.34

v0.35

v0.36

v0.37

v0.38

v0.39

v0.40

v0.41

v0.42

v0.43

v0.44

v0.45

497efe6a82 fix(l1tf): RDCL_NO bit didn't take precedence for vulnerability check on some Intel CPUs Stéphane Lesimple 2019-05-23 14:23:11 +0200
aa49dda54b enh(mock): avoid reading the sysfs interface outside sys_interface_check() for higher mocking coverage #287 Stéphane Lesimple 2019-05-23 14:27:50 +0200
f38030dd76 feat(mock): add mocking functionality to help reproducing issues under specific CPUs Stéphane Lesimple 2019-05-23 14:26:40 +0200
9aba9a2e2b fix(mds): check MDS_NO bit in is_cpu_mds_free() Stéphane Lesimple 2019-05-23 14:25:13 +0200
09a30514b3 fix(l1tf): RDCL_NO bit didn't take precedence for vulnerability check on some Intel CPUs Stéphane Lesimple 2019-05-23 14:23:11 +0200
62b46df4e7 fix(l1tf): remove libvirtd from hypervisor detection (#278) Stéphane Lesimple 2019-05-18 14:22:42 +0200
f5775e2317 Added support for MDS related vulnerabilities #362 #299 #282 Agata Gruza 2019-04-26 10:03:11 -0700
7d1f269bed fix(mds): AMD confirms they're not vulnerable Stéphane Lesimple 2019-05-16 11:31:28 +0200
4f9ca803c8 Fix help text (#285) Erich Ritz 2019-05-15 10:34:51 -0700
034763062a Add new variants to error message #285 Erich Ritz 2019-05-15 08:56:54 -0700
1a65a6dcfb fix --help message Erich Ritz 2019-05-15 08:43:43 -0700
5788cec18b fix(mds): ARM and CAVIUM are not thought to be vulnerable Stéphane Lesimple 2019-05-15 10:56:49 +0200
ae56ec0bc5 bump to v0.41 v0.41 Stéphane Lesimple 2019-05-15 09:57:28 +0200
871443c9db fix typos in README Stéphane Lesimple 2019-05-15 00:28:55 +0200
8fd4e3ab01 fix(xen): remove xenbus and xenwatch as they also exist in domU Stéphane Lesimple 2019-05-15 00:23:05 +0200
de793a7204 feat(mds): more verbose info about kernel support and microcode support for mitigation Stéphane Lesimple 2019-05-15 00:21:08 +0200
11790027d3 feat(mds): add alias ZombieLoad for CVE-2018-12130 Stéphane Lesimple 2019-05-14 21:42:36 +0200
5939c38c5c update mcedb from v109 to v110 to better detect MDS microcodes Stéphane Lesimple 2019-05-14 20:31:27 +0200
db7d3206fd feat(mds): add detection of availability of MD_CLEAR instruction Stéphane Lesimple 2019-05-14 20:30:47 +0200
1d13a423b8 adjust README Stéphane Lesimple 2019-05-14 20:16:01 +0200
8e870db4f5 Added support for MDS related vulnerabilities (#282) Agata Gruza 2019-05-14 10:21:20 -0700
d547ce4ab4 fix(ssb): fix error when no process uses prctl to set ssb mitigation Stéphane Lesimple 2019-05-13 15:35:58 +0200
d187827841 enh(vmm): add Xen daemons detection Stéphane Lesimple 2019-05-08 20:44:54 +0200
2e304ec617 enh(xen): improvements for xen systems (#270) Hans-Joachim Kliemeck 2019-05-07 20:35:52 +0200
fcc04437e8 update builtin MCEdb from v96 to v109 Stéphane Lesimple 2019-05-07 20:29:59 +0200
31540c4912

Merge branch 'master' into xen #270 Stéphane Lesimple 2019-05-07 20:23:29 +0200
d31a9810e6 enhance previous commit logic Stéphane Lesimple 2019-05-05 20:09:53 +0200
4edb867def fix(vmm): revert to checking the running processes to detect a hypervisor Stéphane Lesimple 2019-05-05 19:57:59 +0200
1264b1c7a3 chore: more shellcheck 0.6 fixes Stéphane Lesimple 2019-05-05 18:34:09 +0200
7beca1ac50 fix: invalid names in json batch mode (fixes #279) Stéphane Lesimple 2019-05-05 18:15:41 +0200
8ad10e15d3 chore: Comply with Shellcheck SC2209 (#280) David 2019-05-05 17:31:18 +0200
73dfe81527 Comply with Shellcheck SC2209 #280 David Marzal 2019-05-05 11:39:35 +0200
bfa4de96e6 enh(l1tf): in paranoid mode, assume we're running a hypervisor unless stated otherwise Stéphane Lesimple 2019-04-21 14:03:48 +0200
b022b27a51 feat(ssbd): in live mode, report whether the mitigation is active (fix #210) Stéphane Lesimple 2019-04-20 20:27:45 +0200
c4bae6ee6a IBRS kernel reported active even if sysfs has "IBRS_FW" only (#275) (#276) Dario Faggioli 2019-04-20 14:04:29 +0200
23e7db044e fix(bsd): load vmm if not already loaded, fixes #274 Stéphane Lesimple 2019-04-19 19:47:04 +0200
e1a2cae2c0 L1TF/Linux: detect SMT via sysfs #277 Dario Faggioli 2019-04-19 14:30:10 +0200
26a5fe018a L1TF/Linux: fix Mitigtion 2 against `--sysfs` options Dario Faggioli 2019-04-18 18:18:40 +0200
5e35f0a711 L1TF/Linux: fix EPT on/off detection against sysfs Dario Faggioli 2019-04-18 17:54:27 +0200
0421aea53f L1TF/Linux: More fixes to /sys based hypervisor detection Dario Faggioli 2019-04-18 17:02:37 +0200
e819a27939 L1TF/Linux: detect "running an hypervisor" via lsmod Dario Faggioli 2019-04-19 15:05:00 +0200
5e83e2cfa4 L1TF/Linux: Fix "running an hypervisor" detection via sysfs Dario Faggioli 2019-04-18 17:22:44 +0200
2cfae92cb0 L1TF/Linux: remove dead code, fix --sysfs-only bug Dario Faggioli 2019-04-18 18:08:22 +0200
9065624ea0 IBRS kernel reported active even if sysfs has "IBRS_FW" only (#275) #276 Dario Faggioli 2019-04-18 12:22:55 +0200
fc4981bb94 update MCEDB from v84 to v96 Stéphane Lesimple 2019-01-20 19:52:46 +0100
419508758e add spectre and meltdown mitigation technologies checking for Hygon CPU (#271) Dajiang Zhong 2019-01-21 02:32:36 +0800
a910a94a30

test for procfs before reading #272 Rob Gill 2018-12-27 12:43:09 +0000
3bfab0f8dd update microarhitecture name for Hygon CPU family 24 with moksha #271 dajiang 2018-12-26 10:21:57 +0800
1d02407a7f add spectre and meltdown mitigation technologies checking for Hygon CPU dajiang 2018-12-25 18:12:48 +0800
af3271df4c add xen support for meltdown Hans-Joachim Kliemeck 2018-12-16 22:08:40 +0100
8b01194630 fix issue with empty result Hans-Joachim Kliemeck 2018-12-16 21:00:44 +0100
486bab7a1e fix issue with empty result Hans-Joachim Kliemeck 2018-12-16 20:56:46 +0100
fd462040b3 add information for hardware mitigation Hans-Joachim Kliemeck 2018-12-16 19:46:08 +0100
ec44abf43c corrected colors for partial mitigation Hans-Joachim Kliemeck 2018-12-16 15:14:33 +0100
42455a9424 different return value Hans-Joachim Kliemeck 2018-12-16 15:09:25 +0100
4ee2230071 proper return value Hans-Joachim Kliemeck 2018-12-16 13:12:32 +0100
a266165bad add mitigation detection for l1tf for xen based systems Hans-Joachim Kliemeck 2018-12-15 20:45:37 +0100
d7d2e6934b fix: typo in bare metal detection (fixes #269) Stéphane Lesimple 2018-12-12 00:24:17 +0100
b0083d918e Remove unneeded volumes in Dockerfile (#266) Jan 2018-12-10 19:42:13 +0100
904a83c675 Fix Arch kernel image detection (#268) Lily Wilson 2018-12-10 13:36:58 -0500
906f54cf9d Improved hypervisor detection (#259) Rob Gill 2018-12-11 04:33:07 +1000
b946358124 Fix Arch kernel image detection #268 Lily Wilson 2018-12-09 08:58:54 -0500
8014715e71 Remove unneeded volumes in Dockerfile #266 Jan Kunzmann 2018-11-30 11:51:27 +0100
c45a06f414 Warn on missing kernel info (#265) Brett T. Warden 2018-11-25 09:37:03 -0800
4a6fa070a4 Fix misdetection of files under Clear Linux (#264) Brett T. Warden 2018-11-25 09:14:04 -0800
954d0f6b24 Warn on missing kernel info #265 Brett T. Warden 2018-11-16 12:39:52 -0800
44fb9119d1 Fix misdetection of files under Clear Linux #264 Brett T. Warden 2018-11-16 12:25:00 -0800
ace88aa7fe standart syntax Shell to 4 spaces not TAB spaces #262 Karen Lauren 2018-11-11 11:11:49 -0500
00a42c8224

typo #259 Rob Gill 2018-10-31 15:39:15 +1000
2d3341f569

chore: update readme with brief summary of L1tfs Rob Gill 2018-10-31 15:38:22 +1000
ad2b89c1f2

Fix unset $l1d_mode Rob Gill 2018-10-31 10:12:03 +1000
47f8f672a3

Update Intel Atom 6 cpu names to align with kernel Rob Gill 2018-10-28 18:37:37 +1000
af84646b79 Set $l1d_mode to -1 in cases where cpu/vulnerabilities/l1tf is not available Rob Gill 2018-10-28 10:57:01 +1000
36d31e5d73 formatting fix Rob Gill 2018-10-28 10:15:45 +1000
b53400f8ec Improved hypervisor detection Rob Gill 2018-10-28 10:10:59 +1000
025855326e

Merge pull request #2 from speed47/master Rob Gill 2018-10-28 07:51:12 +1000
c705afe764 bump to v0.40 v0.40 Stéphane Lesimple 2018-10-03 20:56:46 +0200
401ccd4b14 Correct aarch64 KPTI dmesg message Stanislav Kholmanskikh 2018-08-29 05:40:52 -0700
55120839dd Fix a typo in check_variant3_linux() Stanislav Kholmanskikh 2018-08-28 04:35:44 -0700
f5106b3c02 update MCEDB from v83 to v84 (no actual change) Stéphane Lesimple 2018-09-30 16:57:35 +0200
68289dae1e feat: add --update-builtin-mcedb to update the DB inside the script Stéphane Lesimple 2018-09-30 16:56:58 +0200
3b2d529654 feat(l1tf): read & report ARCH_CAPABILITIES bit 3 (SKIP_VMENTRY_L1DFLUSH) Stéphane Lesimple 2018-09-29 13:16:07 +0200
cbb18cb6b6 fix(l1tf): properly detect status under Red Hat/CentOS kernels Stéphane Lesimple 2018-09-29 13:00:42 +0200
299103a3ae some fixes when script is not started as root Stéphane Lesimple 2018-09-24 20:25:52 +0200
dc5402b349 chore: speed optimization of hw check and indentation fixes Stéphane Lesimple 2018-09-24 20:05:41 +0200
90c2ae5de2 feat: use the MCExtractor DB as the reference for the microcode versions Stéphane Lesimple 2018-09-23 17:29:14 +0200
53d6a44754 Fix detection of CVE-2018-3615 (L1TF_SGX) (#253) Michael Lass 2018-09-29 11:35:10 +0200
61ad5d56e7

Code consistency Rob Gill 2018-09-29 15:44:29 +1000
664fb7662f

Merge pull request #1 from speed47/master Rob Gill 2018-09-29 14:12:54 +1000
be9a32bafe Fix detection of CVE-2018-3615 #253 Michael Laß 2018-09-26 22:44:46 +0200
745a71c1bc Add another location of Arch Linux ARM kernel Michael Laß 2018-09-26 22:44:46 +0200
297d890ce9 fix ucode version check regression introduced by fbbb19f under BSD Stéphane Lesimple 2018-09-23 15:00:39 +0200
0252e74f94 feat(bsd): implement CVE-2018-3620 and CVE-2018-3646 mitigation detection Stéphane Lesimple 2018-09-22 12:26:48 +0200
fbbb19f244 Fix cases where a CPU ucode version is not found in $procfs/cpuinfo. (#246) Nicolas Sauzede 2018-09-19 22:00:59 +0200
ef1578283c Double quote to prevent globbing and word splitting. #246 Nicolas Sauzede 2018-09-19 10:14:53 +0200
c090439fe5 Fix cases where a CPU ucode version is not found in $procfs/cpuinfo. Nicolas Sauzede 2018-09-10 10:11:00 +0200
1571a56ce2 feat: add L1D flush cpuid feature bit detection Stéphane Lesimple 2018-09-19 09:05:23 +0200
3cf9141601 fix: don't display summary if no CVE was tested (e.g. --hw-only) Stéphane Lesimple 2018-09-19 09:04:52 +0200
bff38f1b26 BSD: add not-implemented-yet notice for Foreshadow-NG Stéphane Lesimple 2018-09-18 22:06:01 +0200
b419fe7c63 feat(variant4): properly detect SSBD under BSD Stéphane Lesimple 2018-09-18 22:00:32 +0200