peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-02 13:17:07 +02:00
Code Issues Projects Releases Wiki Activity

enh: CVE-2017-5715 (spectre v2): make vuln assessment cap_bhi-aware

Browse Source
This commit is contained in:
Stéphane Lesimple
2026-04-01 21:34:12 +02:00
parent 8c3fb7b2cc
commit 43c515ac74
1 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/vulns/CVE-2017-5715.sh
View File

@@ -788,7 +788,11 @@ check_CVE_2017_5715_linux() {
esac esac
elif [ "$opt_live" != 1 ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then elif [ "$opt_live" != 1 ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then
if grep -q '^CONFIG_\(MITIGATION_\)\?SPECTRE_BHI' "$opt_config"; then if grep -q '^CONFIG_\(MITIGATION_\)\?SPECTRE_BHI' "$opt_config"; then
v2_bhi_status=sw-loop if [ "$cap_bhi" = 1 ]; then
v2_bhi_status=bhi_dis_s
else
v2_bhi_status=sw-loop
fi
else else
v2_bhi_status=unknown v2_bhi_status=unknown
fi fi
@@ -859,8 +863,13 @@ check_CVE_2017_5715_linux() {
if [ "$v2_bhi_status" = "vulnerable" ]; then if [ "$v2_bhi_status" = "vulnerable" ]; then
_v2_ok=0 _v2_ok=0
_v2_add_caveat "BHI vulnerable" _v2_add_caveat "BHI vulnerable"
elif [ "$v2_bhi_status" = "unknown" ] && is_intel && [ "$cap_rrsba" != 0 ]; then elif [ "$v2_bhi_status" = "unknown" ] && is_intel; then
_v2_add_caveat "BHI status unknown (kernel may lack BHI mitigation)" if [ "$cap_bhi" = 0 ]; then
_v2_ok=0
_v2_add_caveat "BHI vulnerable (no BHI_DIS_S hardware support, no kernel mitigation detected)"
elif [ "$cap_rrsba" != 0 ]; then
_v2_add_caveat "BHI status unknown (kernel may lack BHI mitigation)"
fi
fi fi
# PBRSB check (only matters for VMM hosts) # PBRSB check (only matters for VMM hosts)
@@ -946,6 +955,9 @@ check_CVE_2017_5715_linux() {
if [ "$v2_bhi_status" = "vulnerable" ]; then if [ "$v2_bhi_status" = "vulnerable" ]; then
_v2_ok=0 _v2_ok=0
_v2_add_caveat "BHI vulnerable" _v2_add_caveat "BHI vulnerable"
elif [ "$v2_bhi_status" = "unknown" ] && is_intel && [ "$cap_bhi" = 0 ]; then
_v2_ok=0
_v2_add_caveat "BHI vulnerable (no BHI_DIS_S hardware support, no kernel mitigation detected)"
fi fi
# Vulnerable module check # Vulnerable module check
@@ -999,8 +1011,13 @@ check_CVE_2017_5715_linux() {
if [ "$v2_bhi_status" = "vulnerable" ]; then if [ "$v2_bhi_status" = "vulnerable" ]; then
_v2_ok=0 _v2_ok=0
_v2_add_caveat "BHI vulnerable" _v2_add_caveat "BHI vulnerable"
elif [ "$v2_bhi_status" = "unknown" ] && is_intel && [ "$cap_rrsba" = 1 ]; then elif [ "$v2_bhi_status" = "unknown" ] && is_intel; then
_v2_add_caveat "BHI status unknown with RRSBA" if [ "$cap_bhi" = 0 ] && [ "$cap_rrsba" = 1 ]; then
_v2_ok=0
_v2_add_caveat "BHI vulnerable (no BHI_DIS_S hardware support, RRSBA bypasses retpoline)"
elif [ "$cap_rrsba" = 1 ]; then
_v2_add_caveat "BHI status unknown with RRSBA"
fi
fi fi
# Vulnerable module # Vulnerable module