Another big round of updates as I'm catching up with the recent CVEs.
New CVE/vulnerabilities detection
- CVE-2024-28956 (ITS - Indirect Target Selection)
- CVE-2025-40300 (VMScape)
- CVE-2024-45332 (BTI - Branch Target Injection)
Enhancements to existing CVE detections
- CVE-2023-23583 (Reptar): update known fixed microcode versions
- CVE-2024-45332 (BPI): add known fixed microcode versions
Bug fixes
- Fix
sys_interface_check()not properly setting the caller's$msgvariable in the latest release (#533)
New documented unsupported CVEs
Already covered by an existing CVE check:
- CVE-2025-20623 - Shared Microarchitectural Predictor State (10th Gen Intel), covered by CVE-2024-45332 (BPI)
- CVE-2025-24495 - Lion Cove BPU Initialization, covered by CVE-2024-28956 (ITS)
No kernel or microcode mitigations to check:
- CVE-2020-12965 - Transient Execution of Non-Canonical Accesses / SLAM (AMD)
- CVE-2024-7881 - ARM Prefetcher Privilege Escalation
Not a transient/speculative execution vulnerability:
- CVE-2023-31315 - SinkClose (AMD SMM Lock Bypass)
- CVE-2024-56161 - EntrySign (AMD Microcode Signature Bypass)
- CVE-2025-29943 - StackWarp (AMD SEV-SNP)