Stéphane Lesimple 8a302b56e6 feat: add ARM64 silicon errata checks (issue #357) ...

Add detection for three speculation/security-relevant ARM64 errata
families that are tracked by vendor erratum IDs rather than CVEs: Speculative
AT TLB corruption (1165522/1319367/1319537/1530923), speculative unprivileged
load (2966298/3117295), and MSR SSBS not self-synchronizing (3194386 and
siblings). Reserves a new CVE-0001-NNNN placeholder range for vendor errata
and adds a --errata <number> selector alongside --variant/--cve.

CPU affection is determined per-core from (implementer, part, variant,
revision) tuples read from /proc/cpuinfo, matching the kernel's MIDR ranges
(including Kryo4xx Silver for erratum 1530923). Kernel mitigation detection
uses the erratum-specific CONFIG_ARM64_ERRATUM_NNNN symbols, kernel image
descriptor strings, and dmesg output (no sysfs for these)

2026-04-21 08:33:50 +02:00

.github/workflows

chore: remove from test branch workflows that must live on master

2026-04-20 12:53:36 +02:00

dist

feat: add ARM64 silicon errata checks (issue #357)

2026-04-21 08:33:50 +02:00

img

add screenshot to README

2026-04-08 22:35:53 +02:00

scripts

enh: auto-generate intel model list

2026-04-02 22:33:48 +02:00

src

feat: add ARM64 silicon errata checks (issue #357)

2026-04-21 08:33:50 +02:00

.gitignore

chore: add .gitignore

2026-03-30 23:07:59 +02:00

build.sh

chore: set VERSION when building

2026-03-31 00:18:09 +02:00

DEVELOPMENT.md

enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505)

2026-04-18 17:18:42 +02:00

Makefile

dev-build workflow

2026-03-30 23:07:59 +02:00

Description

No description provided

cve-2017-5715cve-2017-5753cve-2017-5754cve-2018-3615cve-2018-3620cve-2018-3639cve-2018-3640cve-2018-3646cve-2019-11135dragonflybsdforeshadowfreebsdkernellinuxmeltdownmitigationnetbsdspectrezombieload

4.6 MiB

Languages

Shell 100%