From ac327ce7c5f89097d32891666fa264b4157fd8a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 1 Apr 2026 20:10:29 +0000 Subject: [PATCH] chore: shellcheck fixes --- src/libs/200_cpu_affected.sh | 8 +++++++- src/vulns/CVE-2023-20569.sh | 4 +--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index 4fb4f52..7206a39 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -479,7 +479,13 @@ is_cpu_affected() { _infer_immune itlbmh fi - pr_debug "is_cpu_affected: final results are <$affected_variant1> <$affected_variant2> <$affected_variant3> <$affected_variant3a> <$affected_variant4> <$affected_variantl1tf>" + # shellcheck disable=SC2154 # affected_zenbleed/inception/tsa/downfall/reptar set via eval (_set_immune) + { + pr_debug "is_cpu_affected: final results: variant1=$affected_variant1 variant2=$affected_variant2 variant3=$affected_variant3 variant3a=$affected_variant3a" + pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds" + pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds" + pr_debug "is_cpu_affected: final results: zenbleed=$affected_zenbleed inception=$affected_inception tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar" + } affected_variantl1tf_sgx="$affected_variantl1tf" # even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow [ "$cap_sgx" = 0 ] && _set_immune variantl1tf_sgx diff --git a/src/vulns/CVE-2023-20569.sh b/src/vulns/CVE-2023-20569.sh index 3b27227..d438d4b 100644 --- a/src/vulns/CVE-2023-20569.sh +++ b/src/vulns/CVE-2023-20569.sh 
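Review bot: The `# shellcheck disable=SC2154` directive placed in front of the new `{ … }` group turns the unassigned-variable check off for all four `pr_debug` lines, although its own comment names only `affected_zenbleed`, `affected_inception`, `affected_tsa`, `affected_downfall` and `affected_reptar`, which all sit on the last line. In a vulnerability checker a misspelt `affected_*` name expands to an empty string and the debug line would show a blank result without complaint, which is the mistake SC2154 exists to catch. Assuming, as the comment implies, that only those five names trigger the warning, I would drop the braces and put `# shellcheck disable=SC2154 # set via eval (_set_immune)` directly above the fourth `pr_debug` only, so the check stays active for the other three lines. `is_cpu_affected` starts and ends outside the hunk, so how the remaining variables are assigned cannot be confirmed from here.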
@@ -9,11 +9,10 @@ check_CVE_2023_20569() { # CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - Linux mitigation check check_CVE_2023_20569_linux() { - local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled kernel_srso_accurate_reporting + local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled status=UNK sys_interface_available=0 msg='' - kernel_srso_accurate_reporting=0 if sys_interface_check "$VULN_SYSFS_BASE/spec_rstack_overflow"; then # this kernel has the /sys interface, trust it over everything @@ -83,7 +82,6 @@ check_CVE_2023_20569_linux() { if [ -n "$g_kernel_err" ]; then pstatus yellow UNKNOWN "$g_kernel_err" elif grep -q 'Vulnerable: Safe RET, no microcode' "$g_kernel"; then - kernel_srso_accurate_reporting=1 pstatus green YES elif [ -n "$kernel_sro" ]; then pstatus yellow NO "your kernel reports partial SRSO mitigations as fully mitigated, upgrade recommended"