Fix detection of CVE-2018-3615 (L1TF_SGX) (#253)

* Add another location of Arch Linux ARM kernel * Fix detection of CVE-2018-3615 We change the value of variantl1tf in the line directly before so its value will never be "immune". Instead we can directly use the value of variantl1tf to initialize variantl1tf_sgx.
2024-12-05 02:38:04 +01:00 · 2018-09-29 11:35:10 +02:00 · 2018-09-29 11:35:10 +02:00 · 53d6a44754
commit 53d6a44754
parent 297d890ce9
1 changed files with 3 additions and 1 deletions
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@ -484,7 +484,7 @@ is_cpu_vulnerable()
 	[ "$variant3a"   = "immune" ] && variant3a=1   || variant3a=0
 	[ "$variant4"    = "immune" ] && variant4=1    || variant4=0
 	[ "$variantl1tf" = "immune" ] && variantl1tf=1 || variantl1tf=0
-	[ "$variantl1tf" = "immune" ] && variantl1tf_sgx=1 || variantl1tf_sgx=0
+	variantl1tf_sgx="$variantl1tf"
 	# even if we are vulnerable to L1TF, if there's no SGX, we're safe for the original foreshadow
 	[ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1
 	_debug "is_cpu_vulnerable: final results are <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4> <$variantl1tf> <$variantl1tf_sgx>"
@ -1503,6 +1503,8 @@ if [ "$opt_live" = 1 ]; then
 		[ -e "/boot/Image"               ] && opt_kernel="/boot/Image"
 		# Arch armv5/armv7:
 		[ -e "/boot/zImage"              ] && opt_kernel="/boot/zImage"
+		# Arch arm7:
+		[ -e "/boot/kernel7.img"         ] && opt_kernel="/boot/kernel7.img"
 		# Linux-Libre:
 		[ -e "/boot/vmlinuz-linux-libre" ] && opt_kernel="/boot/vmlinuz-linux-libre"
 		# pine64