enh: add BSD stubs for CVE-2022-40982 CVE-2023-20569 CVE-2023-23583, detecting unaffected CPUs

2026-04-02 13:17:07 +02:00 · 2026-03-31 22:57:37 +02:00
parent 4875b4c71c
commit 690725ccc1
3 changed files with 27 additions and 0 deletions
--- a/src/vulns/CVE-2022-40982.sh
+++ b/src/vulns/CVE-2022-40982.sh
@@ -97,3 +97,12 @@ check_CVE_2022_40982_linux() {
        pvulnstatus "$cve" "$status" "$msg"
    fi
 }
+
+# CVE-2022-40982 Downfall (gather data sampling) - BSD mitigation check
+check_CVE_2022_40982_bsd() {
+    if ! is_cpu_affected "$cve"; then
+        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+    else
+        pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+    fi
+}
--- a/src/vulns/CVE-2023-20569.sh
+++ b/src/vulns/CVE-2023-20569.sh
@@ -207,3 +207,12 @@ check_CVE_2023_20569_linux() {
        fi
    fi
 }
+
+# CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - BSD mitigation check
+check_CVE_2023_20569_bsd() {
+    if ! is_cpu_affected "$cve"; then
+        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+    else
+        pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+    fi
+}
--- a/src/vulns/CVE-2023-23583.sh
+++ b/src/vulns/CVE-2023-23583.sh
@@ -30,3 +30,12 @@ check_CVE_2023_23583_linux() {
        fi
    fi
 }
+
+# CVE-2023-23583 Reptar (redundant prefix issue) - BSD mitigation check
+check_CVE_2023_23583_bsd() {
+    if ! is_cpu_affected "$cve"; then
+        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+    else
+        pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+    fi
+}