peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-02 05:07:07 +02:00
Code Issues Projects Releases Wiki Activity

chore: shellcheck fixes

Browse Source
This commit is contained in:
Stéphane Lesimple
2026-04-01 20:10:29 +00:00
parent 03f63714b5
commit ac327ce7c5
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/libs/200_cpu_affected.sh
View File

@@ -479,7 +479,13 @@ is_cpu_affected() {
_infer_immune itlbmh _infer_immune itlbmh
fi fi
pr_debug "is_cpu_affected: final results are <$affected_variant1> <$affected_variant2> <$affected_variant3> <$affected_variant3a> <$affected_variant4> <$affected_variantl1tf>" # shellcheck disable=SC2154 # affected_zenbleed/inception/tsa/downfall/reptar set via eval (_set_immune)
{
pr_debug "is_cpu_affected: final results: variant1=$affected_variant1 variant2=$affected_variant2 variant3=$affected_variant3 variant3a=$affected_variant3a"
pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds"
pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds"
pr_debug "is_cpu_affected: final results: zenbleed=$affected_zenbleed inception=$affected_inception tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar"
}
affected_variantl1tf_sgx="$affected_variantl1tf" affected_variantl1tf_sgx="$affected_variantl1tf"
# even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow # even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow
[ "$cap_sgx" = 0 ] && _set_immune variantl1tf_sgx [ "$cap_sgx" = 0 ] && _set_immune variantl1tf_sgx

4
src/vulns/CVE-2023-20569.sh
View File

@@ -9,11 +9,10 @@ check_CVE_2023_20569() {
# CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - Linux mitigation check # CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - Linux mitigation check
check_CVE_2023_20569_linux() { check_CVE_2023_20569_linux() {
local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled kernel_srso_accurate_reporting local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled
status=UNK status=UNK
sys_interface_available=0 sys_interface_available=0
msg='' msg=''
kernel_srso_accurate_reporting=0
if sys_interface_check "$VULN_SYSFS_BASE/spec_rstack_overflow"; then if sys_interface_check "$VULN_SYSFS_BASE/spec_rstack_overflow"; then
# this kernel has the /sys interface, trust it over everything # this kernel has the /sys interface, trust it over everything
@@ -83,7 +82,6 @@ check_CVE_2023_20569_linux() {
if [ -n "$g_kernel_err" ]; then if [ -n "$g_kernel_err" ]; then
pstatus yellow UNKNOWN "$g_kernel_err" pstatus yellow UNKNOWN "$g_kernel_err"
elif grep -q 'Vulnerable: Safe RET, no microcode' "$g_kernel"; then elif grep -q 'Vulnerable: Safe RET, no microcode' "$g_kernel"; then
kernel_srso_accurate_reporting=1
pstatus green YES pstatus green YES
elif [ -n "$kernel_sro" ]; then elif [ -n "$kernel_sro" ]; then
pstatus yellow NO "your kernel reports partial SRSO mitigations as fully mitigated, upgrade recommended" pstatus yellow NO "your kernel reports partial SRSO mitigations as fully mitigated, upgrade recommended"