Spectre Meltdown Checker Versions Save

Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD

v0.36

6 years ago
  • Feature: Support for Spectre v2 and Meltdown mitigation detection for BSD such as FreeBSD, NetBSD, DragonFlyBSD and derivatives (#135)
  • Feature: Add support to detect RHEL 5 kernels backported mitigations (#146)
  • Feature: Add --prefix-arch option for cross-architecture kernel inspection
  • Feature: Add --hw-only option to only show CPU microcode features supported for mitigation
  • Feature: Add support to properly extract some previously unsupported ARM kernels (#82 #164)
  • Feature: Check for MSR/CPUID of each CPU core, not just the first one (#136)
  • Feature: Add --batch prometheus option to produce output for consumption by prometheus-node-exporter (#154)
  • Fix: Corrected a corner case of blacklist detection for some microcode versions (#165 #167)
  • Fix: Properly detect Xen PVHVM mode (#163)
  • Fix: No longer check MSR/CPUID for non-x86 CPUs (#164)
  • Misc: Other tiny enhancements and fixes

v0.35

6 years ago
  • Feature: correctly detect specific Red Hat/Ubuntu patch for Spectre Variant 1
  • Update: new list of blacklisted microcodes (from Intel document)
  • Enhancement: detect disrepancy between found kernel image and running kernel
  • Enhancement: speed up execution by not decompressing kernel in --sysfs-only mode
  • Enhancement: find images installed by systemd kernel-install
  • Enhancement: better explanation when kernel supports IBRS but CPU doesn't
  • Misc: other minor changes and bugfixes

v0.34

6 years ago
  • Feature: detect vanilla mitigation for Variant 1 (not yet pushed to a kernel.org release)
  • Feature: detect known speculative-execution-free CPUs (that are not vulnerable to any of the 3 variants)
  • Enhancement: update list of known blacklisted microcodes from kernel source
  • Enhancement: smarter heuristic for LFENCE check, with less false positives (always only used in last resort)
  • Misc: some cleanup, refactoring, and a couple tiny bugs squashed

v0.33

6 years ago
  • Feature: add blacklisted Intel microcode detection
  • Feature: add STIBP, RDCL_NO, IBRS_ALL CPU flags detection (without relying on kernel)
  • Feature: add IBPB detection for Variant 2
  • Feature: detect Xen Dom0/DomU and report accordingly
  • Feature: detect retpoline-aware compiler and runtime retpoline activation
  • Enhancement: detect when dmesg is truncated and don't rely on log files
  • Some minor fixes