v0.37

@speed47 released this 18 Apr 21:52
· 278 commits to master since this release
  • Feature: add a detailed explanation of "what to do" when the system is found vulnerable to one of the vulnerabilities (skip with --no-explain)
  • Feature: rework output for IBRS/IBPB check and better detection for newer kernels (IBRS_FW, IBPB without IBRS, ...)
  • Feature: check for Red Hat 7/CentOS 7 specific retp_enabled knob in sysfs
  • Feature: detect arm64 Spectre Variant 1, Spectre Variant 2 and Meltdown (Variant 3) mitigations
  • Feature: add retpoline detection for BSD
  • Feature: add microcode information under BSD
  • Feature: add PTI performance check under BSD
  • Feature: add detection of AMD-specific STIBP, STIBP-always-on, IBRS, IBRS-always-on and IBRS-preferred CPUID feature flags
  • Feature: when ibpb_enabled=2 (Red Hat), warn if SMT is not disabled
  • Feature: detect whether the kernel supports RSB filling (important for Skylake+)
  • Feature: add --paranoid to make IBPB required in addition to retpoline for Variant 2
  • Refactor: don't test AMD-specific flags on Intel and Intel-specific flags on AMD for clarity
  • Fix: when PTI activation is unknown, don't say we're vulnerable
  • Fix: don't hide microcode information for AMD CPUs
  • Misc: other minor fixes and enhancements