fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD

2026-04-07 09:13:20 +02:00 · 2026-04-06 03:09:18 +02:00
parent b71465ff74
commit 6106dce8d8
2 changed files with 34 additions and 30 deletions
--- a/src/vulns/CVE-2024-36350.sh
+++ b/src/vulns/CVE-2024-36350.sh
@@ -93,22 +93,24 @@ check_CVE_2024_36350_linux() {
            pstatus yellow NO
        fi
-        pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): "
+        if is_amd || is_hygon; then
-        if [ "$cap_tsa_sq_no" = 1 ]; then
+            pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): "
-            pstatus green YES
+            if [ "$cap_tsa_sq_no" = 1 ]; then
-        elif [ "$cap_tsa_sq_no" = 0 ]; then
+                pstatus green YES
-            pstatus yellow NO
+            elif [ "$cap_tsa_sq_no" = 0 ]; then
-        else
+                pstatus yellow NO
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+            else
-        fi
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
-        pr_info_nol "* Microcode supports VERW buffer clearing: "
+            pr_info_nol "* Microcode supports VERW buffer clearing: "
-        if [ "$cap_verw_clear" = 1 ]; then
+            if [ "$cap_verw_clear" = 1 ]; then
-            pstatus green YES
+                pstatus green YES
-        elif [ "$cap_verw_clear" = 0 ]; then
+            elif [ "$cap_verw_clear" = 0 ]; then
-            pstatus yellow NO
+                pstatus yellow NO
-        else
+            else
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
        fi
        pr_info_nol "* Hyper-Threading (SMT) is enabled: "
--- a/src/vulns/CVE-2024-36357.sh
+++ b/src/vulns/CVE-2024-36357.sh
@@ -93,22 +93,24 @@ check_CVE_2024_36357_linux() {
            pstatus yellow NO
        fi
-        pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): "
+        if is_amd || is_hygon; then
-        if [ "$cap_tsa_l1_no" = 1 ]; then
+            pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): "
-            pstatus green YES
+            if [ "$cap_tsa_l1_no" = 1 ]; then
-        elif [ "$cap_tsa_l1_no" = 0 ]; then
+                pstatus green YES
-            pstatus yellow NO
+            elif [ "$cap_tsa_l1_no" = 0 ]; then
-        else
+                pstatus yellow NO
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+            else
-        fi
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
-        pr_info_nol "* Microcode supports VERW buffer clearing: "
+            pr_info_nol "* Microcode supports VERW buffer clearing: "
-        if [ "$cap_verw_clear" = 1 ]; then
+            if [ "$cap_verw_clear" = 1 ]; then
-            pstatus green YES
+                pstatus green YES
-        elif [ "$cap_verw_clear" = 0 ]; then
+            elif [ "$cap_verw_clear" = 0 ]; then
-            pstatus yellow NO
+                pstatus yellow NO
-        else
+            else
-            pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
+                pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021"
            fi
        fi
    elif [ "$sys_interface_available" = 0 ]; then