fix: remove useless checks under ARM for CVE-2023-28746

built from commit 48454a5344 dated 2026-04-10 19:50:15 +0200 by Stéphane Lesimple (speed47_github@speed47.net)
2026-04-11 11:13:21 +02:00 · 2026-04-10 17:51:49 +00:00
parent 9bef6ec533
commit 7e5eee74ac
1 changed files with 38 additions and 34 deletions
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -13,7 +13,7 @@
 #
 # Stephane Lesimple
 #
-VERSION='26.32.0410728'
+VERSION='26.32.0410743'

 # --- Common paths and basedirs ---
 readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"
@@ -11147,6 +11147,7 @@ check_CVE_2023_28746_linux() {
    fi

    if [ "$opt_sysfs_only" != 1 ]; then
+        if is_x86_cpu; then
            pr_info_nol "* CPU microcode mitigates the vulnerability: "
            if [ "$cap_rfds_clear" = 1 ]; then
                pstatus green YES "RFDS_CLEAR capability indicated by microcode"
@@ -11155,23 +11156,25 @@ check_CVE_2023_28746_linux() {
            else
                pstatus yellow UNKNOWN "couldn't read MSR"
            fi
+        fi

+        if is_x86_kernel; then
            pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): "
            kernel_rfds=''
            kernel_rfds_err=''
            if [ -n "$g_kernel_err" ]; then
                kernel_rfds_err="$g_kernel_err"
-        elif is_x86_kernel && grep -q 'Clear Register File' "$g_kernel"; then
+            elif grep -q 'Clear Register File' "$g_kernel"; then
                kernel_rfds="found 'Clear Register File' string in kernel image"
-        elif is_x86_kernel && grep -q 'reg_file_data_sampling' "$g_kernel"; then
+            elif grep -q 'reg_file_data_sampling' "$g_kernel"; then
                kernel_rfds="found reg_file_data_sampling in kernel image"
            fi
-        if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -r "$opt_config" ]; then
+            if [ -z "$kernel_rfds" ] && [ -r "$opt_config" ]; then
                if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then
                    kernel_rfds="RFDS mitigation config option found enabled in kernel config"
                fi
            fi
-        if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -n "$opt_map" ]; then
+            if [ -z "$kernel_rfds" ] && [ -n "$opt_map" ]; then
                if grep -q 'rfds_select_mitigation' "$opt_map"; then
                    kernel_rfds="found rfds_select_mitigation in System.map"
                fi
@@ -11183,8 +11186,9 @@ check_CVE_2023_28746_linux() {
            else
                pstatus yellow NO
            fi
+        fi

-        if [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then
+        if is_x86_cpu && [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then
            pr_info_nol "* RFDS mitigation is enabled and active: "
            if echo "$ret_sys_interface_check_fullmsg" | grep -qi '^Mitigation'; then
                rfds_mitigated=1