From 03f63714b5032b37b3bac4f69298f03444e12743 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Wed, 1 Apr 2026 19:58:20 +0000
Subject: [PATCH] fix: CVE-2023-20569: logic errors with kernel_sro type change (bool => str)
---
 src/vulns/CVE-2023-20569.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/vulns/CVE-2023-20569.sh b/src/vulns/CVE-2023-20569.sh
index b399809..3b27227 100644
--- a/src/vulns/CVE-2023-20569.sh
+++ b/src/vulns/CVE-2023-20569.sh
@@ -64,9 +64,9 @@ check_CVE_2023_20569_linux() {
 # if it's present, then SRSO is NOT compiled in
 pstatus yellow NO "kernel not compiled with (CPU|MITIGATION)_SRSO"
 else
- # if it's not present, then SRSO is compiled in IF kernel_sro==1, otherwise we're just
+ # if it's not present, then SRSO is compiled in IF kernel_sro is set, otherwise we're just
 # in front of an old kernel that doesn't have the mitigation logic at all
- if [ "$kernel_sro" = 1 ]; then
+ if [ -n "$kernel_sro" ]; then
 kernel_srso="SRSO mitigation logic is compiled in the kernel"
 pstatus green OK "$kernel_srso"
 else
@@ -110,9 +110,9 @@ check_CVE_2023_20569_linux() {
 # if it's present, then IBPB_ENTRY is NOT compiled in
 pstatus yellow NO "kernel not compiled with (CPU|MITIGATION)_IBPB_ENTRY"
 else
- # if it's not present, then IBPB_ENTRY is compiled in IF kernel_sro==1, otherwise we're just
+ # if it's not present, then IBPB_ENTRY is compiled in IF kernel_sro is set, otherwise we're just
 # in front of an old kernel that doesn't have the mitigation logic at all
- if [ -n "$kernel_sro" ]; then
+ if [ -n "$kernel_sro" ]; then
 kernel_ibpb_entry="IBPB_ENTRY mitigation logic is compiled in the kernel"
 pstatus green OK "$kernel_ibpb_entry"
 else
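Review bot: The new `[ -n "$kernel_sro" ]` test (new line 69) accepts any non-empty value as "mitigation logic present", so a leftover `kernel_sro=0` or another non-empty "not found" value set elsewhere would now produce a green OK for SRSO. The IBPB_ENTRY test in the second hunk (new line 115) has the same exposure. The assignments to kernel_sro are outside this diff, so it is worth confirming that every path leaves it empty when detection fails. I would also state that contract next to the test, for example `# kernel_sro is a string: empty = not detected, non-empty = detected`. A false green is the costlier error for a mitigation checker, since it reports mitigation code the kernel may not contain; check_CVE_2023_20569_linux begins and ends outside both hunks.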