Sébastien Mériot
c1c1ac4dbb
feat(downfall): detection of the kernel mitigation relying on dmesg
2023-08-10 11:14:40 +02:00
Stéphane Lesimple
ba0daa6769
feat: downfall: add kernel soft mitigation support check
2023-08-10 11:14:40 +02:00
Sébastien Mériot
227c0aab1e
feat(downfall): add downfall checks
2023-08-10 11:14:40 +02:00
Stéphane Lesimple
8ba3751cf7
fwdb: update to latest Intel ucode versions
2023-08-09 10:35:08 +02:00
Stéphane Lesimple
cbe8ba10ce
fix: inteldb: cpuid 0x00090660 and 0x000A0680
2023-07-30 13:21:38 +02:00
Stéphane Lesimple
9c2587bca5
enh: when CPUID can't be read, build it by ourselves
2023-07-30 12:21:12 +02:00
Stéphane Lesimple
2a5ddc87bf
feat: add Intel known affected processors DB
2023-07-30 12:21:12 +02:00
Stéphane Lesimple
2ef6c1c80e
enh: factorize file download func
2023-07-28 20:03:16 +02:00
Stéphane Lesimple
3c224018f4
chore: update disclaimer and FAQ
2023-07-28 20:03:16 +02:00
Stéphane Lesimple
b8f8c81d51
release v0.46
2023-07-26 18:07:02 +02:00
Stéphane Lesimple
f34dd5fa7b
enh: assume CPU is immune to Zenbleed regardless of vendor except AMD
...
This contradicts our usual "if we don't know, consider vulnerable" motto,
but as this vuln is extremely specific (which is not the case for the Spectre
range of vulnerabilities, for example), this is the correct approach here.
2023-07-26 17:54:44 +02:00
Stéphane Lesimple
c0869d7341
enh: zenbleed: give a manual mitigation in --explain
2023-07-26 16:38:02 +02:00
Stéphane Lesimple
e99a548dcc
fix: fms2cpuid was incorrect for families > 0xF
2023-07-26 14:33:11 +02:00
Stéphane Lesimple
3d475dfaec
feat: fwdb: add linux-firmware as AMD source, update fwdb accordingly
2023-07-26 13:57:05 +02:00
Stéphane Lesimple
cba5010c2a
chore: fix typo
2023-07-26 13:57:05 +02:00
Stéphane Lesimple
c5661f098f
enh: add --explain text for Zenbleed
2023-07-26 10:56:45 +02:00
Stéphane Lesimple
6844c01242
enh: add zenbleed support to the --variant option
2023-07-26 10:46:38 +02:00
ShadowCurse
0811f28ac6
fix: arm is not affected by zenbleed
2023-07-25 19:59:59 +02:00
Stéphane Lesimple
9bb79a18eb
feat: add Zenbleed (CVE-2023-20593) and update fwdb to v270+i20230614
2023-07-25 17:54:59 +02:00
George Cherian
0d93c6ffb4
feat: arm: add Neoverse-N2 and Neoverse-V2
...
Signed-off-by: George Cherian <george.cherian@marvell.com>
2023-06-18 12:19:02 +02:00
Stéphane Lesimple
6a61df200e
update: fwdb to v266+i20230512
2023-05-13 10:27:03 +02:00
ShadowCurse
e4b313fe79
feat: arm: add Neoverse-V1
2023-04-22 11:17:06 +02:00
Hilton Chain
60c71ccb7a
Add support for Guix System kernel.
2023-02-24 20:58:45 +01:00
Stéphane Lesimple
48abeb5950
fix: bad exitcode with --update-fwdb due to trap exit
2023-02-24 20:57:43 +01:00
Stéphane Lesimple
3c988cc73a
fix: rewrite SQL to be sqlite3 >= 3.41 compatible
...
closes #443
2023-02-24 20:54:40 +01:00
glitsj16
bea5cfc3b8
Fix typo: /devnull file created in filesystem
2023-02-24 19:42:16 +01:00
Stéphane Lesimple
b68ebe67f2
fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
2022-03-30 09:10:55 +02:00
Stéphane Lesimple
a6c943d38f
release v0.45
2022-03-27 12:41:17 +02:00
Stéphane Lesimple
dd162301ff
chore: update fwdb to v222+i20220208
2022-03-27 12:38:44 +02:00
Stéphane Lesimple
5f6471d9a4
feat: set default TMPDIR for Android (#415)
2022-03-27 12:31:05 +02:00
Stéphane Lesimple
2a5b965b98
feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
2022-03-24 12:37:19 +01:00
Stéphane Lesimple
ee266d43b7
chore: fix indentation
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
b61baa90df
feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
a98d92f8bc
chore: wording: model not vulnerable -> model not affected
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
b7c8c4115a
feat: implement detection for MCEPSC under BSD
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
4e7c52767d
chore: update Intel Family 6 models
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
8473d9ba6b
chore: ensure vars are set before being dereferenced (set -u compat)
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
0af4830224
fix: is_ucode_blacklisted: fix some model names
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
81a4329d71
feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
3679776f3c
chore: only attempt to load msr and cpuid module once
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
ba131fcd2f
chore: read_cpuid: use named constants
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
ae6bc31c2c
feat: hw check: add IPRED, RRSBA, BHI features check
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
6d7a6b3666
feat: add subleaf != 0 support for read_cpuid
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
16f2160be5
chore: fwdb: update to v220+i20220208
2022-03-17 19:39:39 +01:00
Stéphane Lesimple
580549812a
fix: retpoline: detection on 5.15.28+ (#420)
2022-03-17 19:25:24 +01:00
Stéphane Lesimple
05d862709d
fix: has_vmm false positive with pcp
...
Fix by matching the full procname with pgrep (-x),
so that the 'pmdakvm' process doesn't match.
Closes #394
2021-05-25 12:31:07 +02:00
Stéphane Lesimple
3846913899
fix: refuse to run under MacOS and ESXi
2021-05-24 22:42:23 +02:00
Stéphane Lesimple
0ba71a443e
fix: mcedb: v191 changed the MCE table format
...
Also update the builtin db to v191+i20210217
Closes #400
2021-05-24 12:55:44 +02:00
Stéphane Lesimple
3a486e9985
arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
2021-04-02 15:38:31 +02:00
Stéphane Lesimple
23564cda5d
fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
2021-04-02 15:38:31 +02:00