fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD

built from commit 6106dce8d8 dated 2026-04-06 03:09:18 +0200 by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-09 10:13:18 +02:00 · 2026-04-06 01:10:32 +00:00
parent 624aef4a46
commit 11210ab772
1 changed files with 35 additions and 31 deletions
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -13,7 +13,7 @@
 #
 # Stephane Lesimple
 #
-VERSION='26.29.0406032'
+VERSION='26.29.0406048'
 # --- Common paths and basedirs ---
 readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"
@@ -10023,22 +10023,24 @@ check_CVE_2024_36350_linux() {
            pstatus yellow NO
        fi
-        pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): "
+        if is_amd || is_hygon; then
-        if [ "$cap_tsa_sq_no" = 1 ]; then
+            pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): "
-            pstatus green YES
+            if [ "$cap_tsa_sq_no" = 1 ]; then
-        elif [ "$cap_tsa_sq_no" = 0 ]; then
+                pstatus green YES
-            pstatus yellow NO
+            elif [ "$cap_tsa_sq_no" = 0 ]; then
-        else
+                pstatus yellow NO
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+            else
-        fi
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
-        pr_info_nol "* Microcode supports VERW buffer clearing: "
+            pr_info_nol "* Microcode supports VERW buffer clearing: "
-        if [ "$cap_verw_clear" = 1 ]; then
+            if [ "$cap_verw_clear" = 1 ]; then
-            pstatus green YES
+                pstatus green YES
-        elif [ "$cap_verw_clear" = 0 ]; then
+            elif [ "$cap_verw_clear" = 0 ]; then
-            pstatus yellow NO
+                pstatus yellow NO
-        else
+            else
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
        fi
        pr_info_nol "* Hyper-Threading (SMT) is enabled: "
@@ -10200,22 +10202,24 @@ check_CVE_2024_36357_linux() {
            pstatus yellow NO
        fi
-        pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): "
+        if is_amd || is_hygon; then
-        if [ "$cap_tsa_l1_no" = 1 ]; then
+            pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): "
-            pstatus green YES
+            if [ "$cap_tsa_l1_no" = 1 ]; then
-        elif [ "$cap_tsa_l1_no" = 0 ]; then
+                pstatus green YES
-            pstatus yellow NO
+            elif [ "$cap_tsa_l1_no" = 0 ]; then
-        else
+                pstatus yellow NO
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+            else
-        fi
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
-        pr_info_nol "* Microcode supports VERW buffer clearing: "
+            pr_info_nol "* Microcode supports VERW buffer clearing: "
-        if [ "$cap_verw_clear" = 1 ]; then
+            if [ "$cap_verw_clear" = 1 ]; then
-            pstatus green YES
+                pstatus green YES
-        elif [ "$cap_verw_clear" = 0 ]; then
+            elif [ "$cap_verw_clear" = 0 ]; then
-            pstatus yellow NO
+                pstatus yellow NO
-        else
+            else
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
        fi
    elif [ "$sys_interface_available" = 0 ]; then