From 3ea8e213ec0ec43ddb5503eb5bff6d7c09f39d46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Thu, 2 Apr 2026 20:47:54 +0200
Subject: [PATCH] chore: add proper header to all src/vulns/* files
---
DEVELOPMENT.md | 14 +++++++++++---
src/vulns/CVE-2017-5753.sh | 7 ++-----
src/vulns/CVE-2017-5754.sh | 7 ++-----
src/vulns/CVE-2018-12126.sh | 5 ++---
src/vulns/CVE-2018-12127.sh | 5 ++---
src/vulns/CVE-2018-12130.sh | 5 ++---
src/vulns/CVE-2018-12207.sh | 7 ++-----
src/vulns/CVE-2018-3615.sh | 5 ++---
src/vulns/CVE-2018-3620.sh | 6 +++---
src/vulns/CVE-2018-3639.sh | 7 ++-----
src/vulns/CVE-2018-3640.sh | 5 ++---
src/vulns/CVE-2018-3646.sh | 6 +++---
src/vulns/CVE-2019-11091.sh | 5 ++---
src/vulns/CVE-2019-11135.sh | 7 ++-----
src/vulns/CVE-2020-0543.sh | 7 ++-----
src/vulns/CVE-2022-40982.sh | 21 ++-------------------
src/vulns/CVE-2023-20569.sh | 7 ++-----
src/vulns/CVE-2023-20593.sh | 7 ++-----
src/vulns/CVE-2023-23583.sh | 7 ++-----
src/vulns/CVE-2024-36350.sh | 7 ++-----
src/vulns/CVE-2024-36357.sh | 7 ++-----
21 files changed, 53 insertions(+), 101 deletions(-)
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index da0a324..6949098 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -222,12 +222,20 @@ Before writing code, verify the CVE meets the inclusion criteria (see "CVE Inclu ### Step 1: Create the Vulnerability File -Create `src/vulns/CVE-YYYY-NNNNN.sh`. The file must contain exactly three functions: +Create `src/vulns/CVE-YYYY-NNNNN.sh`. The file header must follow this exact format: + +- **Line 1**: vim modeline (`# vim: set ts=4 sw=4 sts=4 et:`) +- **Line 2**: 31 `#` characters (`###############################`) +- **Line 3**: `# CVE-YYYY-NNNNN, Alias1, Alias2, Complete Name` — the CVE number followed by + all known aliases and the complete name as listed in the `dist/README.md` top table. +- **Line 4**: empty + +The file must contain exactly three functions: ```sh # vim: set ts=4 sw=4 sts=4 et: -#################### -# SHORT_NAME section +############################### +# CVE-YYYY-NNNNN, Short Name, Complete Name # CVE-YYYY-NNNNN SHORT_NAME (one-line description) - entry point check_CVE_YYYY_NNNNN() { diff --git a/src/vulns/CVE-2017-5753.sh b/src/vulns/CVE-2017-5753.sh index 167c776..693fac1 100644 --- a/src/vulns/CVE-2017-5753.sh +++ b/src/vulns/CVE-2017-5753.sh @@ -1,14 +1,12 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# SPECTRE 1 SECTION +############################### +# CVE-2017-5753, Spectre V1, Bounds Check Bypass -# CVE-2017-5753 Spectre Variant 1 (bounds check bypass) - entry point # Sets: (none directly, delegates to check_cve) check_CVE_2017_5753() { check_cve 'CVE-2017-5753' } -# CVE-2017-5753 Spectre Variant 1 (bounds check bypass) - Linux mitigation check # Sets: g_redhat_canonical_spectre (via check_redhat_canonical_spectre) check_CVE_2017_5753_linux() { local status sys_interface_available msg v1_kernel_mitigated v1_kernel_mitigated_err v1_mask_nospec ret explain_text 
@@ -279,7 +277,6 @@ check_CVE_2017_5753_linux() { fi } -# CVE-2017-5753 Spectre Variant 1 (bounds check bypass) - BSD mitigation check check_CVE_2017_5753_bsd() { if ! is_cpu_affected "$cve"; then pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" diff --git a/src/vulns/CVE-2017-5754.sh b/src/vulns/CVE-2017-5754.sh index 218e209..2265b55 100644 --- a/src/vulns/CVE-2017-5754.sh +++ b/src/vulns/CVE-2017-5754.sh @@ -1,6 +1,6 @@ # vim: set ts=4 sw=4 sts=4 et: -################## -# MELTDOWN SECTION +############################### +# CVE-2017-5754, Meltdown, Rogue Data Cache Load # no security impact but give a hint to the user in verbose mode # about PCID/INVPCID cpuid features that must be present to avoid @@ -40,12 +40,10 @@ pti_performance_check() { fi } -# CVE-2017-5754 Meltdown (rogue data cache load) - entry point check_CVE_2017_5754() { check_cve 'CVE-2017-5754' } -# CVE-2017-5754 Meltdown (rogue data cache load) - Linux mitigation check check_CVE_2017_5754_linux() { local status sys_interface_available msg kpti_support kpti_can_tell kpti_enabled dmesg_grep pti_xen_pv_domU xen_pv_domo xen_pv_domu explain_text status=UNK @@ -248,7 +246,6 @@ check_CVE_2017_5754_linux() { fi } -# CVE-2017-5754 Meltdown (rogue data cache load) - BSD mitigation check check_CVE_2017_5754_bsd() { local kpti_enabled pr_info_nol "* Kernel supports Page Table Isolation (PTI): " diff --git a/src/vulns/CVE-2018-12126.sh b/src/vulns/CVE-2018-12126.sh index ed6fcf5..b47f5e4 100644 --- a/src/vulns/CVE-2018-12126.sh +++ b/src/vulns/CVE-2018-12126.sh @@ -1,8 +1,7 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# MSBDS SECTION +############################### +# CVE-2018-12126, MSBDS, Fallout, Microarchitectural Store Buffer Data Sampling -# CVE-2018-12126 MSBDS (microarchitectural store buffer data sampling) - entry point check_CVE_2018_12126() { check_cve 'CVE-2018-12126' check_mds } 
diff --git a/src/vulns/CVE-2018-12127.sh b/src/vulns/CVE-2018-12127.sh index 18e4e09..84920ce 100644 --- a/src/vulns/CVE-2018-12127.sh +++ b/src/vulns/CVE-2018-12127.sh @@ -1,8 +1,7 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# MLPDS SECTION +############################### +# CVE-2018-12127, MLPDS, RIDL, Microarchitectural Load Port Data Sampling -# CVE-2018-12127 MLPDS (microarchitectural load port data sampling) - entry point check_CVE_2018_12127() { check_cve 'CVE-2018-12127' check_mds } diff --git a/src/vulns/CVE-2018-12130.sh b/src/vulns/CVE-2018-12130.sh index e225f42..efbd169 100644 --- a/src/vulns/CVE-2018-12130.sh +++ b/src/vulns/CVE-2018-12130.sh @@ -1,8 +1,7 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# MFBDS SECTION +############################### +# CVE-2018-12130, MFBDS, ZombieLoad, Microarchitectural Fill Buffer Data Sampling -# CVE-2018-12130 MFBDS (microarchitectural fill buffer data sampling) - entry point check_CVE_2018_12130() { check_cve 'CVE-2018-12130' check_mds } diff --git a/src/vulns/CVE-2018-12207.sh b/src/vulns/CVE-2018-12207.sh index c8c4af4..0065b3a 100644 --- a/src/vulns/CVE-2018-12207.sh +++ b/src/vulns/CVE-2018-12207.sh @@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -####################### -# iTLB Multihit section +############################### +# CVE-2018-12207, iTLB Multihit, No eXcuses, Machine Check Exception on Page Size Changes -# CVE-2018-12207 iTLB multihit (machine check exception on page size changes) - entry point check_CVE_2018_12207() { check_cve 'CVE-2018-12207' } -# CVE-2018-12207 iTLB multihit (machine check exception on page size changes) - Linux mitigation check check_CVE_2018_12207_linux() { local status sys_interface_available msg kernel_itlbmh kernel_itlbmh_err status=UNK 
@@ -85,7 +83,6 @@ check_CVE_2018_12207_linux() { fi } -# CVE-2018-12207 iTLB multihit (machine check exception on page size changes) - BSD mitigation check check_CVE_2018_12207_bsd() { local kernel_2m_x_ept pr_info_nol "* Kernel supports disabling superpages for executable mappings under EPT: " diff --git a/src/vulns/CVE-2018-3615.sh b/src/vulns/CVE-2018-3615.sh index b0f5832..6db32df 100644 --- a/src/vulns/CVE-2018-3615.sh +++ b/src/vulns/CVE-2018-3615.sh @@ -1,8 +1,7 @@ # vim: set ts=4 sw=4 sts=4 et: -########################### -# L1TF / FORESHADOW SECTION +############################### +# CVE-2018-3615, Foreshadow (SGX), L1 Terminal Fault -# CVE-2018-3615 Foreshadow (L1 terminal fault SGX) - entry point check_CVE_2018_3615() { local cve cve='CVE-2018-3615' diff --git a/src/vulns/CVE-2018-3620.sh b/src/vulns/CVE-2018-3620.sh index 186a1d9..835f212 100644 --- a/src/vulns/CVE-2018-3620.sh +++ b/src/vulns/CVE-2018-3620.sh @@ -1,10 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -# CVE-2018-3620 Foreshadow-NG OS (L1 terminal fault OS) - entry point +############################### +# CVE-2018-3620, Foreshadow-NG (OS/SMM), L1 Terminal Fault + check_CVE_2018_3620() { check_cve 'CVE-2018-3620' } -# CVE-2018-3620 Foreshadow-NG OS (L1 terminal fault OS) - Linux mitigation check check_CVE_2018_3620_linux() { local status sys_interface_available msg pteinv_supported pteinv_active status=UNK @@ -83,7 +84,6 @@ check_CVE_2018_3620_linux() { fi } -# CVE-2018-3620 Foreshadow-NG OS (L1 terminal fault OS) - BSD mitigation check check_CVE_2018_3620_bsd() { local bsd_zero_reserved pr_info_nol "* Kernel reserved the memory page at physical address 0x0: " diff --git a/src/vulns/CVE-2018-3639.sh b/src/vulns/CVE-2018-3639.sh index 11de567..b0d1bae 100644 --- a/src/vulns/CVE-2018-3639.sh +++ b/src/vulns/CVE-2018-3639.sh 
@@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# VARIANT 4 SECTION +############################### +# CVE-2018-3639, Variant 4, SSB, Speculative Store Bypass -# CVE-2018-3639 Variant 4 (speculative store bypass) - entry point check_CVE_2018_3639() { check_cve 'CVE-2018-3639' } -# CVE-2018-3639 Variant 4 (speculative store bypass) - Linux mitigation check check_CVE_2018_3639_linux() { local status sys_interface_available msg kernel_ssb kernel_ssbd_enabled mitigated_processes status=UNK @@ -135,7 +133,6 @@ check_CVE_2018_3639_linux() { fi } -# CVE-2018-3639 Variant 4 (speculative store bypass) - BSD mitigation check check_CVE_2018_3639_bsd() { local kernel_ssb ssb_enabled ssb_active pr_info_nol "* Kernel supports speculation store bypass: " diff --git a/src/vulns/CVE-2018-3640.sh b/src/vulns/CVE-2018-3640.sh index ed9d445..42a23e4 100644 --- a/src/vulns/CVE-2018-3640.sh +++ b/src/vulns/CVE-2018-3640.sh @@ -1,8 +1,7 @@ # vim: set ts=4 sw=4 sts=4 et: -#################### -# VARIANT 3A SECTION +############################### +# CVE-2018-3640, Variant 3a, Rogue System Register Read -# CVE-2018-3640 Variant 3a (rogue system register read) - entry point check_CVE_2018_3640() { local status sys_interface_available msg cve cve='CVE-2018-3640' diff --git a/src/vulns/CVE-2018-3646.sh b/src/vulns/CVE-2018-3646.sh index 60e3531..0fb3ab3 100644 --- a/src/vulns/CVE-2018-3646.sh +++ b/src/vulns/CVE-2018-3646.sh @@ -1,10 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -# CVE-2018-3646 Foreshadow-NG VMM (L1 terminal fault VMM) - entry point +############################### +# CVE-2018-3646, Foreshadow-NG (VMM), L1 Terminal Fault + check_CVE_2018_3646() { check_cve 'CVE-2018-3646' } -# CVE-2018-3646 Foreshadow-NG VMM (L1 terminal fault VMM) - Linux mitigation check check_CVE_2018_3646_linux() { local status sys_interface_available msg l1d_mode ept_disabled l1d_kernel l1d_kernel_err l1d_xen_hardware l1d_xen_hypervisor l1d_xen_pv_domU smt_enabled status=UNK 
@@ -234,7 +235,6 @@ check_CVE_2018_3646_linux() { fi } -# CVE-2018-3646 Foreshadow-NG VMM (L1 terminal fault VMM) - BSD mitigation check check_CVE_2018_3646_bsd() { local kernel_l1d_supported kernel_l1d_enabled pr_info_nol "* Kernel supports L1D flushing: " diff --git a/src/vulns/CVE-2019-11091.sh b/src/vulns/CVE-2019-11091.sh index 59c86c2..414d8e4 100644 --- a/src/vulns/CVE-2019-11091.sh +++ b/src/vulns/CVE-2019-11091.sh @@ -1,8 +1,7 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# MDSUM SECTION +############################### +# CVE-2019-11091, MDSUM, RIDL, Microarchitectural Data Sampling Uncacheable Memory -# CVE-2019-11091 MDSUM (microarchitectural data sampling uncacheable memory) - entry point check_CVE_2019_11091() { check_cve 'CVE-2019-11091' check_mds } diff --git a/src/vulns/CVE-2019-11135.sh b/src/vulns/CVE-2019-11135.sh index 6528862..8ff17f0 100644 --- a/src/vulns/CVE-2019-11135.sh +++ b/src/vulns/CVE-2019-11135.sh @@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# TAA SECTION +############################### +# CVE-2019-11135, TAA, ZombieLoad V2, TSX Asynchronous Abort -# CVE-2019-11135 TAA (TSX asynchronous abort) - entry point check_CVE_2019_11135() { check_cve 'CVE-2019-11135' } -# CVE-2019-11135 TAA (TSX asynchronous abort) - Linux mitigation check check_CVE_2019_11135_linux() { local status sys_interface_available msg kernel_taa kernel_taa_err status=UNK @@ -85,7 +83,6 @@ check_CVE_2019_11135_linux() { fi } -# CVE-2019-11135 TAA (TSX asynchronous abort) - BSD mitigation check check_CVE_2019_11135_bsd() { local taa_enable taa_state mds_disable kernel_taa kernel_mds pr_info_nol "* Kernel supports TAA mitigation (machdep.mitigations.taa.enable): " diff --git a/src/vulns/CVE-2020-0543.sh b/src/vulns/CVE-2020-0543.sh index 69fc020..c2ef667 100644 --- a/src/vulns/CVE-2020-0543.sh +++ b/src/vulns/CVE-2020-0543.sh 
@@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -################### -# SRBDS SECTION +############################### +# CVE-2020-0543, SRBDS, CROSSTalk, Special Register Buffer Data Sampling -# CVE-2020-0543 SRBDS (special register buffer data sampling) - entry point check_CVE_2020_0543() { check_cve 'CVE-2020-0543' } -# CVE-2020-0543 SRBDS (special register buffer data sampling) - Linux mitigation check check_CVE_2020_0543_linux() { local status sys_interface_available msg kernel_srbds kernel_srbds_err status=UNK @@ -104,7 +102,6 @@ check_CVE_2020_0543_linux() { fi } -# CVE-2020-0543 SRBDS (special register buffer data sampling) - BSD mitigation check # FreeBSD uses the name "rngds" (Random Number Generator Data Sampling) for SRBDS check_CVE_2020_0543_bsd() { local rngds_enable rngds_state kernel_rngds diff --git a/src/vulns/CVE-2022-40982.sh b/src/vulns/CVE-2022-40982.sh index 0c61467..8de3d1a 100644 --- a/src/vulns/CVE-2022-40982.sh +++ b/src/vulns/CVE-2022-40982.sh @@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -######################### -# Downfall section +############################### +# CVE-2022-40982, Downfall, GDS, Gather Data Sampling -# CVE-2022-40982 Downfall (gather data sampling) - entry point check_CVE_2022_40982() { check_cve 'CVE-2022-40982' } -# CVE-2022-40982 Downfall (gather data sampling) - Linux mitigation check check_CVE_2022_40982_linux() { local status sys_interface_available msg kernel_gds kernel_gds_err kernel_avx_disabled dmesgret ret status=UNK 
@@ -102,13 +100,6 @@ check_CVE_2022_40982_linux() { # all messages start with either "Not affected", "Vulnerable", "Mitigation", # or "Unknown" status=$ret_sys_interface_check_status - # Override: when the kernel says "Unknown: Dependent on hypervisor status", it - # gave up because it's running as a VM guest and can't read MCU_OPT_CTRL. - # We can often do better: the hypervisor may have exposed GDS_NO or GDS_CTRL - # to us via ARCH_CAPABILITIES, so let our own Phase 2 checks take over. - if echo "$ret_sys_interface_check_fullmsg" | grep -qi 'Dependent on hypervisor'; then - status=UNK - fi fi if [ "$opt_sysfs_only" != 1 ]; then @@ -210,13 +201,6 @@ check_CVE_2022_40982_linux() { pvulnstatus "$cve" VULN "Your microcode is up to date but mitigation is disabled" explain "The GDS mitigation has been explicitly disabled (gather_data_sampling=off or mitigations=off).\n " \ "Remove the kernel parameter to re-enable it." - elif [ "$sys_interface_available" = 1 ] && - echo "$ret_sys_interface_check_fullmsg" | grep -qi 'Dependent on hypervisor'; then - # We're in a VM guest, the kernel gave up, and we couldn't read the - # GDS MSR bits either (cap_gds_ctrl != 1). We genuinely can't tell. - pvulnstatus "$cve" UNK "Running in a VM, mitigation depends on the hypervisor" - explain "This system is running as a virtual machine guest. GDS mitigation must be handled by\n " \ - "the host hypervisor. Contact your VM/cloud provider to verify that GDS is mitigated on the host." elif [ -z "$kernel_gds" ]; then pvulnstatus "$cve" VULN "Your microcode doesn't mitigate the vulnerability, and your kernel doesn't support mitigation" explain "Update both your CPU microcode (via BIOS/firmware update from your OEM) and your kernel\n " \ 
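Review bot: The two hunks in check_CVE_2022_40982_linux (`@@ -102,13 +100,6 @@` and `@@ -210,13 +201,6 @@`) delete executable logic, not header comments, so this "chore" commit changes the GDS verdict for VM guests without saying so. On the new side `status=$ret_sys_interface_check_status` is taken as-is, and the elif chain goes from the "mitigation is disabled" branch straight to `elif [ -z "$kernel_gds" ]`. A guest whose kernel reports "Dependent on hypervisor" therefore no longer reaches `pvulnstatus "$cve" UNK "Running in a VM, mitigation depends on the hypervisor"`, and is presumably classified by the remaining branches even though the tool cannot read the relevant MSR bits. If the removal is intentional it belongs in its own commit with a rationale and a changelog entry; otherwise restore both the `grep -qi 'Dependent on hypervisor'` override and the UNK branch. The function starts and ends outside these hunks, so the resulting status for the guest case should be confirmed against the full file.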
@@ -236,7 +220,6 @@ check_CVE_2022_40982_linux() { fi } -# CVE-2022-40982 Downfall (gather data sampling) - BSD mitigation check check_CVE_2022_40982_bsd() { if ! is_cpu_affected "$cve"; then pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" diff --git a/src/vulns/CVE-2023-20569.sh b/src/vulns/CVE-2023-20569.sh index d438d4b..b05ad94 100644 --- a/src/vulns/CVE-2023-20569.sh +++ b/src/vulns/CVE-2023-20569.sh @@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -####################### -# Inception section +############################### +# CVE-2023-20569, Inception, SRSO, Return Address Security -# CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - entry point check_CVE_2023_20569() { check_cve 'CVE-2023-20569' } -# CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - Linux mitigation check check_CVE_2023_20569_linux() { local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled status=UNK @@ -206,7 +204,6 @@ check_CVE_2023_20569_linux() { fi } -# CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - BSD mitigation check check_CVE_2023_20569_bsd() { if ! is_cpu_affected "$cve"; then pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" diff --git a/src/vulns/CVE-2023-20593.sh b/src/vulns/CVE-2023-20593.sh index 4003265..2669ecd 100644 --- a/src/vulns/CVE-2023-20593.sh +++ b/src/vulns/CVE-2023-20593.sh 
@@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -#################### -# Zenbleed section +############################### +# CVE-2023-20593, Zenbleed, Cross-Process Information Leak -# CVE-2023-20593 Zenbleed (cross-process information leak via AVX2) - entry point check_CVE_2023_20593() { check_cve 'CVE-2023-20593' } -# CVE-2023-20593 Zenbleed (cross-process information leak via AVX2) - Linux mitigation check check_CVE_2023_20593_linux() { local status sys_interface_available msg kernel_zenbleed kernel_zenbleed_err fp_backup_fix ucode_zenbleed zenbleed_print_vuln ret status=UNK @@ -119,7 +117,6 @@ check_CVE_2023_20593_linux() { fi } -# CVE-2023-20593 Zenbleed (cross-process information leak via AVX2) - BSD mitigation check check_CVE_2023_20593_bsd() { local zenbleed_enable zenbleed_state kernel_zenbleed pr_info_nol "* Kernel supports Zenbleed mitigation (machdep.mitigations.zenbleed.enable): " diff --git a/src/vulns/CVE-2023-23583.sh b/src/vulns/CVE-2023-23583.sh index 1df1ea6..afb9719 100644 --- a/src/vulns/CVE-2023-23583.sh +++ b/src/vulns/CVE-2023-23583.sh @@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -####################### -# Reptar section +############################### +# CVE-2023-23583, Reptar, Redundant Prefix Issue -# CVE-2023-23583 Reptar (redundant prefix issue) - entry point check_CVE_2023_23583() { check_cve 'CVE-2023-23583' } -# CVE-2023-23583 Reptar (redundant prefix issue) - Linux mitigation check check_CVE_2023_23583_linux() { local status sys_interface_available msg status=UNK @@ -31,7 +29,6 @@ check_CVE_2023_23583_linux() { fi } -# CVE-2023-23583 Reptar (redundant prefix issue) - BSD mitigation check check_CVE_2023_23583_bsd() { if ! is_cpu_affected "$cve"; then pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" diff --git a/src/vulns/CVE-2024-36350.sh b/src/vulns/CVE-2024-36350.sh index 7a24f09..4aec907 100644 --- a/src/vulns/CVE-2024-36350.sh +++ b/src/vulns/CVE-2024-36350.sh 
@@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -#################### -# TSA-SQ section +############################### +# CVE-2024-36350, TSA-SQ, Transient Scheduler Attack Store Queue -# CVE-2024-36350 TSA-SQ (transient scheduler attack - store queue) - entry point check_CVE_2024_36350() { check_cve 'CVE-2024-36350' } -# CVE-2024-36350 TSA-SQ (transient scheduler attack - store queue) - Linux mitigation check check_CVE_2024_36350_linux() { local status sys_interface_available msg kernel_tsa kernel_tsa_err smt_enabled status=UNK @@ -167,7 +165,6 @@ check_CVE_2024_36350_linux() { fi } -# CVE-2024-36350 TSA-SQ (transient scheduler attack - store queue) - BSD mitigation check check_CVE_2024_36350_bsd() { if ! is_cpu_affected "$cve"; then pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" diff --git a/src/vulns/CVE-2024-36357.sh b/src/vulns/CVE-2024-36357.sh index a5cc825..858b50e 100644 --- a/src/vulns/CVE-2024-36357.sh +++ b/src/vulns/CVE-2024-36357.sh @@ -1,13 +1,11 @@ # vim: set ts=4 sw=4 sts=4 et: -#################### -# TSA-L1 section +############################### +# CVE-2024-36357, TSA-L1, Transient Scheduler Attack L1 -# CVE-2024-36357 TSA-L1 (transient scheduler attack - L1 cache) - entry point check_CVE_2024_36357() { check_cve 'CVE-2024-36357' } -# CVE-2024-36357 TSA-L1 (transient scheduler attack - L1 cache) - Linux mitigation check check_CVE_2024_36357_linux() { local status sys_interface_available msg kernel_tsa kernel_tsa_err status=UNK @@ -160,7 +158,6 @@ check_CVE_2024_36357_linux() { fi } -# CVE-2024-36357 TSA-L1 (transient scheduler attack - L1 cache) - BSD mitigation check check_CVE_2024_36357_bsd() { if ! is_cpu_affected "$cve"; then pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"