fix: CVE-2023-20569: logic errors with kernel_sro type change (bool => str)

2026-04-02 13:17:07 +02:00 · 2026-04-01 19:58:20 +00:00
parent 08702b07c9
commit 03f63714b5
1 changed files with 4 additions and 4 deletions
--- a/src/vulns/CVE-2023-20569.sh
+++ b/src/vulns/CVE-2023-20569.sh
@@ -64,9 +64,9 @@ check_CVE_2023_20569_linux() {
                # if it's present, then SRSO is NOT compiled in
                pstatus yellow NO "kernel not compiled with (CPU|MITIGATION)_SRSO"
            else
-                # if it's not present, then SRSO is compiled in IF kernel_sro==1, otherwise we're just
+                # if it's not present, then SRSO is compiled in IF kernel_sro is set, otherwise we're just
                # in front of an old kernel that doesn't have the mitigation logic at all
-                if [ "$kernel_sro" = 1 ]; then
+                if [ -n "$kernel_sro" ]; then
                    kernel_srso="SRSO mitigation logic is compiled in the kernel"
                    pstatus green OK "$kernel_srso"
                else
@@ -110,9 +110,9 @@ check_CVE_2023_20569_linux() {
                # if it's present, then IBPB_ENTRY is NOT compiled in
                pstatus yellow NO "kernel not compiled with (CPU|MITIGATION)_IBPB_ENTRY"
            else
-                # if it's not present, then IBPB_ENTRY is compiled in IF kernel_sro==1, otherwise we're just
+                # if it's not present, then IBPB_ENTRY is compiled in IF kernel_sro is set, otherwise we're just
                # in front of an old kernel that doesn't have the mitigation logic at all
-                if [ "$kernel_sro" = 1 ]; then
+                if [ -n "$kernel_sro" ]; then
                    kernel_ibpb_entry="IBPB_ENTRY mitigation logic is compiled in the kernel"
                    pstatus green OK "$kernel_ibpb_entry"
                else