stable

spectre-meltdown-checker-0.45-1.el7

FEDORA-EPEL-2022-b8803715a9 created by ganto 3 years ago for Fedora EPEL 7

An intermediary release with preparatory work needed to integrate support for new vulns BHI and intra-mode BTI (Spectre V2-like), along with other changes that were in the pipe in the last few months:

  • feat: add --cpu, to conduct MSR read/writes and cpuinfo checks on a given CPU/core number. By default, the first core is used (id 0). --cpu all is also supported, to query all cores and report whether there is discrepancies between cores
  • feat: hardware check: add IPRED_CTRL, RRSBA_CTRL, and BHI_CTRL feature bits checks in cpuinfo, these are needed to mitigate BHI and Intra-mode BTI (https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html)
  • feat: add subleaf (ecx) != 0 support for read_cpuid, needed to query support of new bits in the IA32_SPEC_CTRL MSR
  • feat: add --allow-msr-write, and no longer write to MSRs by default, to avoid spurious messages in kernel logs, as more and more distros default having msr.allow_writes to default (allow but log a warning) or even off, which prevents writing from userspace altogether. This also fixes #385. When the cpuid bit indicating the presence of a write-only MSR is set, we'll now make the assumption that it exists, unless --allow-msr-write is specified, in which case we'll also check that.
  • feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
  • feat: bsd: implement mitigation detection for the MCEPSC vulnerability
  • feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
  • feat: arm64: phytium: Add CPU Implementer Phytium
  • feat: arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
  • feat: Android: autodetect a better suitable default TMPDIR (#415 #424)
  • fix: retpoline: detection on 5.15.28+ (#420)
  • fix: has_vmm false positive with pcp (#394)
  • fix: is_ucode_blacklisted: fix some model names
  • fix: refuse to run under MacOS and ESXi (#398)
  • fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
  • fix: extract_kernel: don't overwrite kernel_err if already set
  • chore: only attempt to load msr and cpuid modules once
  • chore: read_cpuid/read_msr/write_msr: use named constants for better maintainability
  • chore: wording: model not vulnerable -> model not affected
  • chore: update Intel Family 6 models
  • chore: ensure vars are set before being de-referenced (set -u compat)
  • chore: update fwdb to v222+i20220208

This update has been submitted for testing by ganto.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

ganto edited this update.

3 years ago

This update has been pushed to testing.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please log in to add feedback.

Metadata
Type
enhancement
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
Builds
1
spectre-meltdown-checker-0.45-1.el7
spectre-meltdown-checker-0.45-1.el7

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.11.2 on bodhi-web-12-x8z7g.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy