peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-02 13:17:07 +02:00
Code Issues Projects Releases Wiki Activity

fix: --sysfs-only path for CVE-2018-12207 CVE-2018-3620

Browse Source
This commit is contained in:
Stéphane Lesimple
2026-03-31 21:35:18 +02:00
parent 123ad1c8e6
commit 35d83e19a8
2 changed files with 24 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/vulns/CVE-2018-12207.sh
View File

@@ -64,6 +64,7 @@ check_CVE_2018_12207_linux() {
pvulnstatus "$cve" OK "this system is not running a hypervisor" pvulnstatus "$cve" OK "this system is not running a hypervisor"
elif [ -z "$msg" ]; then elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ "$opt_sysfs_only" != 1 ]; then
if [ "$opt_live" = 1 ]; then if [ "$opt_live" = 1 ]; then
# if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old
pvulnstatus "$cve" VULN "Your kernel doesn't support iTLB Multihit mitigation, update it" pvulnstatus "$cve" VULN "Your kernel doesn't support iTLB Multihit mitigation, update it"
@@ -75,6 +76,11 @@ check_CVE_2018_12207_linux() {
fi fi
fi fi
else else
# --sysfs-only: sysfs was available (otherwise msg would be set), use its result
pvulnstatus "$cve" "$status" "$ret_sys_interface_check_fullmsg"
fi
else
# msg was set explicitly: either sysfs-not-available error, or a sysfs override
pvulnstatus "$cve" "$status" "$msg" pvulnstatus "$cve" "$status" "$msg"
fi fi
} }

6
src/vulns/CVE-2018-3620.sh
View File

@@ -63,6 +63,7 @@ check_CVE_2018_3620_linux() {
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ "$opt_sysfs_only" != 1 ]; then
if [ "$pteinv_supported" = 1 ]; then if [ "$pteinv_supported" = 1 ]; then
if [ "$pteinv_active" = 1 ] || [ "$opt_live" != 1 ]; then if [ "$pteinv_active" = 1 ] || [ "$opt_live" != 1 ]; then
pvulnstatus "$cve" OK "PTE inversion mitigates the vulnerability" pvulnstatus "$cve" OK "PTE inversion mitigates the vulnerability"
@@ -73,6 +74,11 @@ check_CVE_2018_3620_linux() {
pvulnstatus "$cve" VULN "Your kernel doesn't support PTE inversion, update it" pvulnstatus "$cve" VULN "Your kernel doesn't support PTE inversion, update it"
fi fi
else else
# --sysfs-only: sysfs was available (otherwise msg would be set), use its result
pvulnstatus "$cve" "$status" "$ret_sys_interface_check_fullmsg"
fi
else
# msg was set explicitly: either sysfs-not-available error, or a sysfs override
pvulnstatus "$cve" "$status" "$msg" pvulnstatus "$cve" "$status" "$msg"
fi fi
} }