From 7e5eee74acc53bb549e199d862dfc224ab8d8453 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 17:51:49 +0000 Subject: [PATCH] fix: remove useless checks under ARM for CVE-2023-28746 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit built from commit 48454a534451e922c3e13e696f98cd07b6459fdb dated 2026-04-10 19:50:15 +0200 by Stéphane Lesimple (speed47_github@speed47.net) --- spectre-meltdown-checker.sh | 72 +++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 2152264..69b54f4 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -13,7 +13,7 @@ # # Stephane Lesimple # -VERSION='26.32.0410728' +VERSION='26.32.0410743' # --- Common paths and basedirs --- readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities" 
@@ -11147,44 +11147,48 @@ check_CVE_2023_28746_linux() {
 fi
 if [ "$opt_sysfs_only" != 1 ]; then
- pr_info_nol "* CPU microcode mitigates the vulnerability: "
- if [ "$cap_rfds_clear" = 1 ]; then
- pstatus green YES "RFDS_CLEAR capability indicated by microcode"
- elif [ "$cap_rfds_clear" = 0 ]; then
- pstatus yellow NO
- else
- pstatus yellow UNKNOWN "couldn't read MSR"
- fi
-
- pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): "
- kernel_rfds=''
- kernel_rfds_err=''
- if [ -n "$g_kernel_err" ]; then
- kernel_rfds_err="$g_kernel_err"
- elif is_x86_kernel && grep -q 'Clear Register File' "$g_kernel"; then
- kernel_rfds="found 'Clear Register File' string in kernel image"
- elif is_x86_kernel && grep -q 'reg_file_data_sampling' "$g_kernel"; then
- kernel_rfds="found reg_file_data_sampling in kernel image"
- fi
- if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -r "$opt_config" ]; then
- if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then
- kernel_rfds="RFDS mitigation config option found enabled in kernel config"
+ if is_x86_cpu; then
+ pr_info_nol "* CPU microcode mitigates the vulnerability: "
+ if [ "$cap_rfds_clear" = 1 ]; then
+ pstatus green YES "RFDS_CLEAR capability indicated by microcode"
+ elif [ "$cap_rfds_clear" = 0 ]; then
+ pstatus yellow NO
+ else
+ pstatus yellow UNKNOWN "couldn't read MSR"
 fi
 fi
- if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -n "$opt_map" ]; then
- if grep -q 'rfds_select_mitigation' "$opt_map"; then
- kernel_rfds="found rfds_select_mitigation in System.map"
+
+ if is_x86_kernel; then
+ pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): "
+ kernel_rfds=''
+ kernel_rfds_err=''
+ if [ -n "$g_kernel_err" ]; then
+ kernel_rfds_err="$g_kernel_err"
+ elif grep -q 'Clear Register File' "$g_kernel"; then
+ kernel_rfds="found 'Clear Register File' string in kernel image"
+ elif grep -q 'reg_file_data_sampling' "$g_kernel"; then
+ kernel_rfds="found reg_file_data_sampling in kernel image"
+ fi
+ if [ -z "$kernel_rfds" ] && [ -r "$opt_config" ]; then
+ if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then
+ kernel_rfds="RFDS mitigation config option found enabled in kernel config"
+ fi
+ fi
+ if [ -z "$kernel_rfds" ] && [ -n "$opt_map" ]; then
+ if grep -q 'rfds_select_mitigation' "$opt_map"; then
+ kernel_rfds="found rfds_select_mitigation in System.map"
+ fi
+ fi
+ if [ -n "$kernel_rfds" ]; then
+ pstatus green YES "$kernel_rfds"
+ elif [ -n "$kernel_rfds_err" ]; then
+ pstatus yellow UNKNOWN "$kernel_rfds_err"
+ else
+ pstatus yellow NO
 fi
 fi
- if [ -n "$kernel_rfds" ]; then
- pstatus green YES "$kernel_rfds"
- elif [ -n "$kernel_rfds_err" ]; then
- pstatus yellow UNKNOWN "$kernel_rfds_err"
- else
- pstatus yellow NO
- fi
- if [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then
+ if is_x86_cpu && [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then
 pr_info_nol "* RFDS mitigation is enabled and active: "
 if echo "$ret_sys_interface_check_fullmsg" | grep -qi '^Mitigation'; then
 rfds_mitigated=1
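Review bot: `kernel_rfds` and `kernel_rfds_err` are now reset only inside the new `if is_x86_kernel; then` block, and no `local` declaration is visible for them, so on a non-x86 kernel they keep whatever value they held before this function ran. The body of check_CVE_2023_28746_linux continues past the hunk, so it cannot be confirmed here, but if the verdict logic further down reads them, a probe that was skipped could be reported as a mitigation result instead of "not applicable". Hoisting `kernel_rfds=''` and `kernel_rfds_err=''` above the `is_x86_kernel` test keeps the skipped case explicit. The same question applies to `rfds_mitigated`, which in the visible lines is assigned only inside the block now gated by `is_x86_cpu`; it should get a default before that test unless one is already set earlier in the function.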