From 36263edc5a937db141d36462044c2c418743b46d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Mon, 6 Apr 2026 00:58:49 +0200
Subject: [PATCH] fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected
 (#492)

---
 src/libs/400_hw_check.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh
index 25fe422..dbbca94 100644
--- a/src/libs/400_hw_check.sh
+++ b/src/libs/400_hw_check.sh
@@ -1122,11 +1122,11 @@ check_cpu() {
         read_msr $MSR_IA32_MCU_OPT_CTRL
         ret=$?
         if [ $ret = $READ_MSR_RET_OK ]; then
-            if [ "$ret_read_msr_value" = "0000000000000000" ]; then
-                #SRBDS mitigation control exists and is enabled via microcode
+            if [ "$((ret_read_msr_value_lo >> 0 & 1))" = 0 ]; then
+                #SRBDS mitigation control exists and is enabled via microcode (RNGDS_MITG_DIS bit is 0)
                 cap_srbds_on=1
             else
-                #SRBDS mitigation control exists but is disabled via microcode
+                #SRBDS mitigation control exists but is disabled via microcode (RNGDS_MITG_DIS bit is 1)
                 cap_srbds_on=0
             fi
         else