fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296)

2026-04-28 11:33:21 +02:00 · 2026-04-06 12:29:26 +02:00
parent b0bb1f4676
commit 3c56ac35dd
4 changed files with 35 additions and 20 deletions
--- a/src/libs/001_core_header.sh
+++ b/src/libs/001_core_header.sh
@@ -17,7 +17,8 @@ VERSION='1.0.0'

 # --- Common paths and basedirs ---
 readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"
-readonly DEBUGFS_BASE="/sys/kernel/debug"
+readonly SYSKERNEL_BASE="/sys/kernel"
+readonly DEBUGFS_BASE="$SYSKERNEL_BASE/debug"
 readonly SYS_MODULE_BASE="/sys/module"
 readonly CPU_DEV_BASE="/dev/cpu"
 readonly BSD_CPUCTL_DEV_BASE="/dev/cpuctl"