adjust README

README.md

@@ -10,10 +10,10 @@ A shell script to tell if your system is vulnerable against the several "specula
 - CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
 - CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
 - CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'
-- CVE-2018-12126 [MSBDS] Microarchitectural Store Buffer Data Sampling 
-- CVE-2018-12130 [MFBDS] Microarchitectural Fill Buffer Data Sampling 
-- CVE-2018-12127 [MLPDS] Microarchitectural Load Port Data Sampling 
-- CVE-2019-11091 [MDSUM] Microarchitectural Data Sampling Uncacheable Memory 
+- CVE-2018-12126 [microarchitectural store buffer data sampling (MSBDS)] aka 'Fallout'
+- CVE-2018-12130 [microarchitectural fill buffer data sampling (MFBDS)] aka 'RIDL'
+- CVE-2018-12127 [microarchitectural load port data sampling (MLPDS)] aka 'RIDL'
+- CVE-2019-11091 [microarchitectural data sampling uncacheable memory (MDSUM)] aka 'RIDL'
 
 Supported operating systems:
 - Linux (all versions, flavors and distros)
@@ -125,21 +125,25 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
    - Impact: Kernel & System management mode
    - Mitigation: updated kernel (with PTE inversion)
    - Performance impact of the mitigation: negligible
-   
+
 **CVE-2018-3646** l1 terminal fault (Foreshadow-NG VMM)
 
    - Impact: Virtualization software and Virtual Machine Monitors
-   - Mitigation: disable ept (extended page tables), disable hyper-threading (SMT), or
-                 updated kernel (with L1d flush)
+   - Mitigation: disable ept (extended page tables), disable hyper-threading (SMT), or updated kernel (with L1d flush)
    - Performance impact of the mitigation: low to significant
 
-**CVE-2018-12126** [MSBDS] Microarchitectural Store Buffer Data Sampling 
-**CVE-2018-12130** [MFBDS] Microarchitectural Fill Buffer Data Sampling 
-**CVE-2018-12127** [MLPDS] Microarchitectural Load Port Data Sampling 
-**CVE-2019-11091** [MDSUM] Microarchitectural Data Sampling Uncacheable Memory 
+**CVE-2018-12126** [MSBDS] Microarchitectural Store Buffer Data Sampling (Fallout)
+
+**CVE-2018-12130** [MFBDS] Microarchitectural Fill Buffer Data Sampling (RIDL)
+
+**CVE-2018-12127** [MLPDS] Microarchitectural Load Port Data Sampling (RIDL)
+
+**CVE-2019-11091** [MDSUM] Microarchitectural Data Sampling Uncacheable Memory (RIDL)
 
    - Impact: Kernel
    - Mitigation: microcode update + kernel update making possible to protect various CPU internal buffers from unprivilaged speculative access to data
+   - Performance impact of the mitigation: TBC
+   - Note: These 4 CVEs are similar and collectively named "MDS" vulnerabilities, the mitigation is identical same for all
 
 ## Understanding what this script does and doesn't
 

spectre-meltdown-checker.sh

@@ -2354,7 +2354,6 @@ check_cpu()
 		fi
 
 		_info_nol "    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: "
-		mds_no=-1
 		capabilities_mds_no=-1
 		capabilities_rdcl_no=-1
 		capabilities_ibrs_all=-1
@@ -4269,13 +4268,13 @@ check_mds()
 
 	if [ "$opt_live" != 1 ]; then
 		pstatus blue N/A "not testable in offline mode"
-		pvulnstatus $cve UNK
+		pvulnstatus "$cve" UNK
 		return
 	fi
 
 	if ! is_cpu_vulnerable "$cve" ; then
 		# override status & msg in case CPU is not vulnerable after all
-		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
+		pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable"
 		return
 	fi
 
@@ -4312,11 +4311,11 @@ check_mds()
 	fi
 
 	if [ $mds_mitigated = 0 ];then
-		pvulnstatus $cve VULN
+		pvulnstatus "$cve" VULN
 	elif [ $mds_mitigated = 1 ]; then
-		pvulnstatus $cve OK
+		pvulnstatus "$cve" OK
 	else
-		pvulnstatus $cve UNK "further action may be needed to mitigate this vulnerability. For more info check Linux kernel Documentation/admin-guide/hw-vuln/mds.rst"
+		pvulnstatus "$cve" UNK "further action may be needed to mitigate this vulnerability. For more info check Linux kernel Documentation/admin-guide/hw-vuln/mds.rst"
 	fi
 }