chore: shellcheck fixes

2026-04-02 05:07:07 +02:00 · 2026-04-01 20:10:29 +00:00
parent 03f63714b5
commit ac327ce7c5
2 changed files with 8 additions and 4 deletions
--- a/src/libs/200_cpu_affected.sh
+++ b/src/libs/200_cpu_affected.sh
@@ -479,7 +479,13 @@ is_cpu_affected() {
        _infer_immune itlbmh
    fi

-    pr_debug "is_cpu_affected: final results are <$affected_variant1> <$affected_variant2> <$affected_variant3> <$affected_variant3a> <$affected_variant4> <$affected_variantl1tf>"
+    # shellcheck disable=SC2154  # affected_zenbleed/inception/tsa/downfall/reptar set via eval (_set_immune)
+    {
+        pr_debug "is_cpu_affected: final results: variant1=$affected_variant1 variant2=$affected_variant2 variant3=$affected_variant3 variant3a=$affected_variant3a"
+        pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds"
+        pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds"
+        pr_debug "is_cpu_affected: final results: zenbleed=$affected_zenbleed inception=$affected_inception tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar"
+    }
    affected_variantl1tf_sgx="$affected_variantl1tf"
    # even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow
    [ "$cap_sgx" = 0 ] && _set_immune variantl1tf_sgx
--- a/src/vulns/CVE-2023-20569.sh
+++ b/src/vulns/CVE-2023-20569.sh
@@ -9,11 +9,10 @@ check_CVE_2023_20569() {

 # CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - Linux mitigation check
 check_CVE_2023_20569_linux() {
-    local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled kernel_srso_accurate_reporting
+    local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled
    status=UNK
    sys_interface_available=0
    msg=''
-    kernel_srso_accurate_reporting=0

    if sys_interface_check "$VULN_SYSFS_BASE/spec_rstack_overflow"; then
        # this kernel has the /sys interface, trust it over everything
@@ -83,7 +82,6 @@ check_CVE_2023_20569_linux() {
        if [ -n "$g_kernel_err" ]; then
            pstatus yellow UNKNOWN "$g_kernel_err"
        elif grep -q 'Vulnerable: Safe RET, no microcode' "$g_kernel"; then
-            kernel_srso_accurate_reporting=1
            pstatus green YES
        elif [ -n "$kernel_sro" ]; then
            pstatus yellow NO "your kernel reports partial SRSO mitigations as fully mitigated, upgrade recommended"