Revisions of spectre-meltdown-checker
buildservice-autocommit
accepted
request 1147121
from
Marcus Meissner (msmeissn)
(revision 44)
baserev update by copy to link target
Marcus Meissner (msmeissn)
committed
(revision 43)
add reference in sles
buildservice-autocommit
accepted
request 1108155
from
Marcus Meissner (msmeissn)
(revision 42)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 1108154
from
Marcus Meissner (msmeissn)
(revision 41)
- updated to 0.46 This release mainly focuses on the detection of the new Zenbleed (CVE-2023-20593) vulnerability, among few other changes that were in line waiting for a release: - feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593) - feat: add the linux-firmware repository as another source for CPU microcode versions - feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2 - fix: docker: adding missing utils (#433) - feat: add support for Guix System kernel - fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443) - fix: a /devnull file was mistakenly created on the filesystem - fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
buildservice-autocommit
accepted
request 966406
from
Marcus Meissner (msmeissn)
(revision 40)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 966405
from
Marcus Meissner (msmeissn)
(revision 39)
- updated to 0.45 - arm64: phytium: Add CPU Implementer Phytium - arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig - chore: ensure vars are set before being dereferenced (set -u compat) - chore: fix indentation - chore: fwdb: update to v220+i20220208 - chore: only attempt to load msr and cpuid module once - chore: read_cpuid: use named constants - chore: readme: framapic is gone, host the screenshots on GitHub - chore: replace 'Vulnerable to' by 'Affected by' in the hw section - chore: speculative execution -> transient execution - chore: update fwdb to v222+i20220208 - chore: update Intel Family 6 models - chore: wording: model not vulnerable -> model not affected - doc: add an FAQ entry about CVE support - doc: add an FAQ.md and update the README.md accordingly - doc: more FAQ and README - doc: readme: make the FAQ entry more visible - feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied - feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208 - feat: add subleaf != 0 support for read_cpuid - feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371) - feat: bsd: for unimplemented CVEs, at least report when CPU is not affected - feat: hw check: add IPRED, RRSBA, BHI features check - feat: implement detection for MCEPSC under BSD - feat: set default TMPDIR for Android (#415) - fix: extract_kernel: don't overwrite kernel_err if already set - fix: has_vmm false positive with pcp - fix: is_ucode_blacklisted: fix some model names - fix: mcedb: v191 changed the MCE table format
buildservice-autocommit
accepted
request 893161
from
Factory Maintainer (factory-maintainer)
(revision 38)
baserev update by copy to link target
Marcus Meissner (msmeissn)
committed
(revision 37)
- updated to 0.44 - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression (#370) - enh: arm: add experimental support for binary arm images - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode - fix: fwdb: remove Intel extract tempdir on exit - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) - fix: fwdb: use the commit date as the intel fwdb version - fix: fwdb: update Intel's repository URL - fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro - fix: on CPU parse info under FreeBSD - chore: github: add check run on pull requests - chore: fwdb: update to v165.20201021+i20200616
buildservice-autocommit
accepted
request 766875
from
Marcus Meissner (msmeissn)
(revision 36)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 766868
from
Dominique Leuenberger (dimstar)
(revision 35)
- Fix typo (s/Require:/Requires:/).
Marcus Meissner (msmeissn)
committed
(revision 34)
- added requires binutils, as the script calls "readelf"
buildservice-autocommit
accepted
request 755736
from
Marcus Meissner (msmeissn)
(revision 33)
baserev update by copy to link target
Marcus Meissner (msmeissn)
committed
(revision 32)
- upstream tarball no longer includes license, use the gpl 3 standalone html for it
Marcus Meissner (msmeissn)
committed
(revision 31)
Marcus Meissner (msmeissn)
committed
(revision 30)
Marcus Meissner (msmeissn)
committed
(revision 29)
- version 0.43 - feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don't check kernel image if not available - fix: silence useless error from grep (fixes #322) - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316) - fix: mocking value for read_msr - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme - chore: fwdb: update to v130.20191104+i20191027 - chore: add GitHub check workflow
buildservice-autocommit
accepted
request 712091
from
Marcus Meissner (msmeissn)
(revision 28)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 712067
from
Pavol Cupka (liguros)
(revision 27)
- version 0.42 * add FreeBSD MDS mitigation detection * add mocking functionality to help debugging, dump data to mock the behavior of your CPU with --dump-mock-data * AMD, ARM and CAVIUM are not vulnerable to MDS * RDCL_NO bit wasn't taking precedence for L1TF check on some newer Intel CPUs * The MDS_NO bit on newer Intel CPUs is now recognized and used * remove libvirtd from hypervisor detection to avoid false positives (#278) * under BSD, the data returned when reading MSR was incorrectly formatted * update builtin MCEdb from v110 to v111
buildservice-autocommit
accepted
request 705188
from
Marcus Meissner (msmeissn)
(revision 26)
baserev update by copy to link target
Marcus Meissner (msmeissn)
committed
(revision 25)
- noarch does not work on older distros, removed
Displaying revisions 1 - 20 of 44