From 11210ab772b2fe0872de547b03fa4cbc7fd03b55 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 6 Apr 2026 01:10:32 +0000
Subject: [PATCH] fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
built from commit 6106dce8d806325c25e3f1de2ab2dc5d362f66b4 dated 2026-04-06 03:09:18 +0200 by Stéphane Lesimple (speed47_github@speed47.net)
---
 spectre-meltdown-checker.sh | 66 ++++++++++++++++++++-----------------
 1 file changed, 35 insertions(+), 31 deletions(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 074755f..4aae27f 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -13,7 +13,7 @@
 #
 # Stephane Lesimple
 #
-VERSION='26.29.0406032'
+VERSION='26.29.0406048'
 # --- Common paths and basedirs ---
 readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"
@@ -10023,22 +10023,24 @@ check_CVE_2024_36350_linux() {
 pstatus yellow NO
 fi
- pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): "
- if [ "$cap_tsa_sq_no" = 1 ]; then
- pstatus green YES
- elif [ "$cap_tsa_sq_no" = 0 ]; then
- pstatus yellow NO
- else
- pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
- fi
+ if is_amd || is_hygon; then
+ pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): "
+ if [ "$cap_tsa_sq_no" = 1 ]; then
+ pstatus green YES
+ elif [ "$cap_tsa_sq_no" = 0 ]; then
+ pstatus yellow NO
+ else
+ pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+ fi
- pr_info_nol "* Microcode supports VERW buffer clearing: "
- if [ "$cap_verw_clear" = 1 ]; then
- pstatus green YES
- elif [ "$cap_verw_clear" = 0 ]; then
- pstatus yellow NO
- else
- pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+ pr_info_nol "* Microcode supports VERW buffer clearing: "
+ if [ "$cap_verw_clear" = 1 ]; then
+ pstatus green YES
+ elif [ "$cap_verw_clear" = 0 ]; then
+ pstatus yellow NO
+ else
+ pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+ fi
 fi
 pr_info_nol "* Hyper-Threading (SMT) is enabled: "
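Review bot: The new `if is_amd || is_hygon; then` guard in check_CVE_2024_36350_linux has no comment saying why the two status lines are vendor-specific, and the same guard with an identical "Microcode supports VERW buffer clearing" block is repeated in the check_CVE_2024_36357_linux hunk. I would put `# TSA_*_NO and VERW_CLEAR come from CPUID leaf 0x80000021, only reported for AMD/Hygon` above each guard, and consider moving the duplicated VERW block into one small helper so the two functions cannot drift apart. The guard only suppresses the printed lines; whether `cap_tsa_sq_no` and `cap_verw_clear` still feed the verdict later in the function is not visible here, so it is worth confirming that a non-AMD run never reaches a decision based on those unread values. Both function bodies start and end outside their hunks.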
@@ -10200,22 +10202,24 @@ check_CVE_2024_36357_linux() {
 pstatus yellow NO
 fi
- pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): "
- if [ "$cap_tsa_l1_no" = 1 ]; then
- pstatus green YES
- elif [ "$cap_tsa_l1_no" = 0 ]; then
- pstatus yellow NO
- else
- pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
- fi
+ if is_amd || is_hygon; then
+ pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): "
+ if [ "$cap_tsa_l1_no" = 1 ]; then
+ pstatus green YES
+ elif [ "$cap_tsa_l1_no" = 0 ]; then
+ pstatus yellow NO
+ else
+ pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+ fi
- pr_info_nol "* Microcode supports VERW buffer clearing: "
- if [ "$cap_verw_clear" = 1 ]; then
- pstatus green YES
- elif [ "$cap_verw_clear" = 0 ]; then
- pstatus yellow NO
- else
- pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+ pr_info_nol "* Microcode supports VERW buffer clearing: "
+ if [ "$cap_verw_clear" = 1 ]; then
+ pstatus green YES
+ elif [ "$cap_verw_clear" = 0 ]; then
+ pstatus yellow NO
+ else
+ pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+ fi
 fi
 elif [ "$sys_interface_available" = 0 ]; then