feat: bsd: for unimplemented CVEs, at least report when CPU is not affected

This commit is contained in:
Stéphane Lesimple 2022-03-20 13:17:04 +01:00
parent a98d92f8bc
commit b61baa90df

View File

@ -5372,8 +5372,8 @@ check_CVE_2019_11135()
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
if [ "$os" = Linux ]; then
check_CVE_2019_11135_linux
#elif echo "$os" | grep -q BSD; then
# check_CVE_2019_11135_bsd
elif echo "$os" | grep -q BSD; then
check_CVE_2019_11135_bsd
else
_warn "Unsupported OS ($os)"
fi
@ -5455,6 +5455,16 @@ check_CVE_2019_11135_linux()
fi
}
check_CVE_2019_11135_bsd()
{
if ! is_cpu_affected "$cve" ; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
else
pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
fi
}
#######################
# iTLB Multihit section
@ -5581,6 +5591,8 @@ check_CVE_2020_0543()
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
if [ "$os" = Linux ]; then
check_CVE_2020_0543_linux
elif echo "$os" | grep -q BSD; then
check_CVE_2020_0543_bsd
else
_warn "Unsupported OS ($os)"
fi
@ -5681,6 +5693,16 @@ check_CVE_2020_0543_linux()
fi
}
check_CVE_2020_0543_bsd()
{
if ! is_cpu_affected "$cve"; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
else
pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
fi
}
#######################
# END OF VULNS SECTIONS