22
0
anag_factory df7d8b4249 Accepting request 1364752 from security
- updated to v26.36.0602723
  Release highlights:
  This release brings some features to ARM64 hosts. They get
  dedicated silicon-errata checks, a proper CPU details block, and
  architecture-aware filtering so x86 hosts no longer show ARM64 noise
  and vice-versa.
  On the x86 side, MMIO Stale Data detection is now much more honest
  about end-of-life Intel CPUs that Intel never officially assessed,
  these are now reported as UNK (or VULN under --paranoid) instead of
  a misleading "not affected".
  The tool now better detects guest environments and warns you that the
  microcode version reported by your hypervisor may be fake or stale, so
  the "up-to-date microcode" check can't be trusted from inside the guest.
  More detailed changelog:
  - Add ARM64 silicon errata (issue #357)
  Three speculation/security-relevant ARM64 errata families are now
  detected. As these are tracked by vendor erratum IDs rather than CVEs, a
  new CVE-0001-NNNN placeholder range has been reserved for vendor errata,
  along with a new --errata <number> selector (alongside --variant/--cve):
  -   Speculative AT TLB corruption (1165522 / 1319367 / 1319537 / 1530923)
  -   Speculative unprivileged load (2966298 / 3117295)
  -   MSR SSBS not self-synchronizing (3194386 and siblings)
  CPU affectedness is determined per-core from the (implementer,
  part, variant, revision) tuple in /proc/cpuinfo, matching the
  kernel code. Kernel mitigation detection relies on the per-erratum
  CONFIG_ARM64_ERRATUM_NNNN symbols, kernel image descriptor strings,
  and dmesg (no sysfs exists for these).
  Architecture-aware CVE filtering
  - CVE_REGISTRY gains an optional fifth field tagging checks as x86-only or arm-only; untagged entries apply everywhere.
  - Default "all CVEs" runs now skip checks irrelevant to the inspected (forwarded request 1364751 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/1364752
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/spectre-meltdown-checker?expand=0&rev=14
2026-07-09 20:21:53 +00:00
2026-07-09 15:36:11 +00:00
2026-07-09 15:36:11 +00:00
S
Description
No description provided
138 KiB
Languages
HTML 100%