v0.45

@speed47 speed47 released this 27 Mar 10:39

An intermediate release with the preparatory work needed to integrate support for the new BHI and intra-mode BTI vulnerabilities (Spectre V2-like), along with other changes that were in the pipeline over the last few months:

  • feat: add --cpu, to conduct MSR reads/writes and cpuinfo checks on a given CPU/core number. By default, the first core is used (id 0). --cpu all is also supported, to query all cores and report whether there are discrepancies between them
  • feat: hardware check: add IPRED_CTRL, RRSBA_CTRL, and BHI_CTRL feature bit checks in cpuinfo; these are needed to mitigate BHI and Intra-mode BTI (https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html)
  • feat: add subleaf (ecx) != 0 support for read_cpuid, needed to query support for new bits in the IA32_SPEC_CTRL MSR
  • feat: add --allow-msr-write, and no longer write to MSRs by default, to avoid spurious messages in kernel logs, as more and more distros ship with msr.allow_writes set to default (allow but log a warning) or even off, which prevents writing from userspace altogether. This also fixes #385. When the cpuid bit indicating the presence of a write-only MSR is set, we'll now assume that the MSR exists, unless --allow-msr-write is specified, in which case we'll also check that.
  • feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
  • feat: bsd: implement mitigation detection for the MCEPSC vulnerability
  • feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
  • feat: arm64: phytium: Add CPU Implementer Phytium
  • feat: arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
  • feat: Android: autodetect a more suitable default TMPDIR (#415 #424)
  • fix: retpoline: detection on 5.15.28+ (#420)
  • fix: has_vmm false positive with pcp (#394)
  • fix: is_ucode_blacklisted: fix some model names
  • fix: refuse to run under macOS and ESXi (#398)
  • fix: variant4: handle the case where the prctl ssbd status is tagged as 'unknown'
  • fix: extract_kernel: don't overwrite kernel_err if already set
  • chore: only attempt to load msr and cpuid modules once
  • chore: read_cpuid/read_msr/write_msr: use named constants for better maintainability
  • chore: wording: model not vulnerable -> model not affected
  • chore: update Intel Family 6 models
  • chore: ensure vars are set before being de-referenced (set -u compat)
  • chore: update fwdb to v222+i20220208
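As an added example (not the project's own code) of what the new --cpu, subleaf and feature-bit items above involve: reading CPUID.(EAX=7,ECX=2) on every core through the cpuid module, decoding the IPRED_CTRL, RRSBA_CTRL and BHI_CTRL bits, and reporting cores that disagree. The /dev/cpu/N/cpuid device semantics, GNU dd's iflag=skip_bytes and the bit positions (taken from Intel's BHI guidance, not from this page) are assumptions.

```shell
#!/bin/sh
# Added example, not code from spectre-meltdown-checker: read CPUID leaf 7
# subleaf 2 on every core via the cpuid module, decode the IPRED_CTRL /
# RRSBA_CTRL / BHI_CTRL bits and flag cores that disagree (as --cpu all does).
# Assumes Linux, the cpuid module loaded (/dev/cpu/N/cpuid), GNU dd and 64-bit sh arithmetic.
IPRED_CTRL_BIT=1   # bit positions in EDX of CPUID.(EAX=7,ECX=2),
RRSBA_CTRL_BIT=2   # as documented in Intel's BHI guidance (assumed, not from this page)
BHI_CTRL_BIT=4

# Print EAX EBX ECX EDX of leaf $2 / subleaf $3 on core $1 as unsigned decimals.
# The cpuid driver takes EAX from the low 32 bits of the file offset and ECX
# from the high 32 bits, which is what makes subleaf != 0 queries possible.
read_cpuid() {
    _offset=$(( (${3:-0} << 32) | $2 ))
    dd if="/dev/cpu/$1/cpuid" bs=16 count=1 skip="$_offset" iflag=skip_bytes 2>/dev/null \
        | od -An -t u4
}

# Turn an EDX value into the names of the control bits that are set.
decode_spec_ctrl_bits() {
    _edx=$1 _out=""
    [ $(( (_edx >> IPRED_CTRL_BIT) & 1 )) -eq 1 ] && _out="$_out IPRED_CTRL"
    [ $(( (_edx >> RRSBA_CTRL_BIT) & 1 )) -eq 1 ] && _out="$_out RRSBA_CTRL"
    [ $(( (_edx >> BHI_CTRL_BIT) & 1 )) -eq 1 ] && _out="$_out BHI_CTRL"
    if [ -n "$_out" ]; then printf '%s\n' "${_out# }"; else echo none; fi
}

# Given "core=edx" pairs, return 0 when every core reports the same value and
# 1 otherwise, naming the outliers on stderr.
check_core_discrepancy() {
    _ref=${1#*=} _rc=0
    for _pair in "$@"; do
        [ "${_pair#*=}" = "$_ref" ] && continue
        echo "core ${_pair%%=*}: edx=${_pair#*=} differs from first core (edx=$_ref)" >&2
        _rc=1
    done
    return $_rc
}
# Collect EDX from every core present and run the checks above.
scan_all_cores() {
    for _dev in /dev/cpu/[0-9]*/cpuid; do
        [ -r "$_dev" ] || continue
        _n=${_dev#/dev/cpu/}; _n=${_n%/cpuid}
        set -- "$@" "$_n=$(read_cpuid "$_n" 7 2 | awk '{print $4}')"
    done
    [ $# -gt 0 ] || { echo "no readable /dev/cpu/N/cpuid (cpuid module loaded?)" >&2; return 2; }
    echo "first core CPUID.(7,2).EDX controls: $(decode_spec_ctrl_bits "${1#*=}")"
    check_core_discrepancy "$@"
}
[ "${1:-}" = "--scan" ] && scan_all_cores
```

Run it as root with `--scan` on a Linux host; a non-zero exit from check_core_discrepancy is the signal the --cpu all mode is meant to surface.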