From b61baa90dff28a4c0572b531a8ab60ab77bdd1f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sun, 20 Mar 2022 13:17:04 +0100 Subject: [PATCH] feat: bsd: for unimplemented CVEs, at least report when CPU is not affected --- spectre-meltdown-checker.sh | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 9944c35..ec4e1e7 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -5372,8 +5372,8 @@ check_CVE_2019_11135() _info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m" if [ "$os" = Linux ]; then check_CVE_2019_11135_linux - #elif echo "$os" | grep -q BSD; then - # check_CVE_2019_11135_bsd + elif echo "$os" | grep -q BSD; then + check_CVE_2019_11135_bsd else _warn "Unsupported OS ($os)" fi @@ -5455,6 +5455,16 @@ check_CVE_2019_11135_linux() fi } +check_CVE_2019_11135_bsd() +{ + if ! is_cpu_affected "$cve" ; then + # override status & msg in case CPU is not vulnerable after all + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + else + pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script" + fi +} + ####################### # iTLB Multihit section @@ -5581,6 +5591,8 @@ check_CVE_2020_0543() _info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m" if [ "$os" = Linux ]; then check_CVE_2020_0543_linux + elif echo "$os" | grep -q BSD; then + check_CVE_2020_0543_bsd else _warn "Unsupported OS ($os)" fi @@ -5681,6 +5693,16 @@ check_CVE_2020_0543_linux() fi } +check_CVE_2020_0543_bsd() +{ + if ! is_cpu_affected "$cve"; then + # override status & msg in case CPU is not vulnerable after all + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" + else + pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script" + fi +} + ####################### # END OF VULNS SECTIONS