fix: cap_rdcl_no, cap_gds_no, cap_tsa_*_no were not setting the current CPU status as immune for their respective vulns

built from commit 278989d550
 dated 2026-04-01 00:47:41 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
github-actions[bot]
2026-03-31 22:48:56 +00:00
parent 15ea90f312
commit 151dd12e3e


@@ -13,7 +13,7 @@
#
# Stephane Lesimple
#
VERSION='26.21.0331932'
VERSION='26.21.0331950'
# --- Common paths and basedirs ---
readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"
@@ -546,7 +546,7 @@ is_cpu_affected() {
[ -z "$affected_variantl1tf" ] && affected_variantl1tf=immune
else
pr_debug "is_cpu_affected: intel family 6 is vuln to l1tf"
affected_variantl1tf=vuln
[ -z "$affected_variantl1tf" ] && affected_variantl1tf=vuln
fi
elif [ "$cpu_family" -lt 6 ]; then
pr_debug "is_cpu_affected: intel family < 6 is immune to l1tf"
@@ -558,6 +558,7 @@ is_cpu_affected() {
# that they're unaffected by GDS. Also set by hypervisors on virtual CPUs
# so that the guest kernel doesn't try to mitigate GDS when it's already mitigated on the host
pr_debug "is_cpu_affected: downfall: not affected (GDS_NO)"
affected_downfall=immune
elif [ "$cpu_family" = 6 ]; then
# list from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64094e7e3118aff4b0be8ff713c242303e139834
set -u
@@ -669,6 +670,7 @@ is_cpu_affected() {
# they're not affected to TSA-SQ and TSA-L1
# these vars are set in check_cpu()
pr_debug "is_cpu_affected: TSA_SQ_NO and TSA_L1_NO are set so not vuln to TSA"
affected_tsa=immune
elif [ "$cpu_family" = $((0x19)) ]; then
affected_tsa=vuln
fi
@@ -5881,6 +5883,7 @@ check_CVE_2018_3620_linux() {
# this kernel has the /sys interface, trust it over everything
sys_interface_available=1
status=$ret_sys_interface_check_status
msg=$ret_sys_interface_check_fullmsg
fi
if [ "$opt_sysfs_only" != 1 ]; then
pr_info_nol "* Kernel supports PTE inversion: "
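Review bot: In the `@@ -558` hunk, the GDS_NO branch now ends in `affected_downfall=immune`, yet the comment just above it says the same bit is also set by hypervisors on virtual CPUs when the host has already mitigated GDS. In a guest, "immune" then means "the host reports not affected" rather than a property of the silicon, so the verdict is only as reliable as the hypervisor's capability reporting. I would record that next to the assignment, e.g. `# on a virtual CPU GDS_NO is the hypervisor's claim: 'immune' here is reported, not verified`. The TSA_SQ_NO/TSA_L1_NO branch in the `@@ -669` hunk may deserve the same remark if those bits can be host-provided too. The +/- markers are lost on this page, so which line is new is inferred from the hunk counts and the commit title; is_cpu_affected starts and ends outside these hunks.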