peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-07 09:13:20 +02:00
Code Issues Projects Releases Wiki Activity

fix: don't default to 0x0 ucode when unknown

Browse Source
This commit is contained in:
Stéphane Lesimple
2026-04-06 00:38:55 +02:00
parent e2eba83ce8
commit bf6289adfb
5 changed files with 24 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/libs/350_cpu_detect2.sh
View File

@@ -147,8 +147,8 @@ parse_cpu_details() {
fi
fi
# if we got no cpu_ucode (e.g. we're in a vm), fall back to 0x0
: "${cpu_ucode:=0x0}"
# if we got no cpu_ucode (e.g. we're in a vm), leave it empty
# so that we can detect this case and avoid false positives
# on non-x86 systems (e.g. ARM), these fields may not exist in cpuinfo, fall back to 0
: "${cpu_family:=0}"
@@ -163,9 +163,15 @@ parse_cpu_details() {
g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_CPU_UCODE='$cpu_ucode'")
fi
echo "$cpu_ucode" | grep -q ^0x && cpu_ucode=$((cpu_ucode))
g_ucode_found=$(printf "family 0x%x model 0x%x stepping 0x%x ucode 0x%x cpuid 0x%x pfid 0x%x" \
"$cpu_family" "$cpu_model" "$cpu_stepping" "$cpu_ucode" "$cpu_cpuid" "$cpu_platformid")
local ucode_str
if [ -n "$cpu_ucode" ]; then
echo "$cpu_ucode" | grep -q ^0x && cpu_ucode=$((cpu_ucode))
ucode_str=$(printf "0x%x" "$cpu_ucode")
else
ucode_str="unknown"
fi
g_ucode_found=$(printf "family 0x%x model 0x%x stepping 0x%x ucode %s cpuid 0x%x pfid 0x%x" \
"$cpu_family" "$cpu_model" "$cpu_stepping" "$ucode_str" "$cpu_cpuid" "$cpu_platformid")
g_parse_cpu_details_done=1
}

2
src/libs/360_cpu_smt.sh
View File

@@ -210,7 +210,7 @@ has_zenbleed_fixed_firmware() {
model_high=$(echo "$tuple" | cut -d, -f2)
fwver=$(echo "$tuple" | cut -d, -f3)
if [ $((cpu_model)) -ge $((model_low)) ] && [ $((cpu_model)) -le $((model_high)) ]; then
if [ $((cpu_ucode)) -ge $((fwver)) ]; then
if [ -n "$cpu_ucode" ] && [ $((cpu_ucode)) -ge $((fwver)) ]; then
g_zenbleed_fw=0 # true
break
else

4
src/libs/380_hw_microcode.sh
View File

@@ -42,6 +42,10 @@ is_latest_known_ucode() {
ret_is_latest_known_ucode_latest="couldn't get your cpuid"
return 2
fi
if [ -z "$cpu_ucode" ]; then
ret_is_latest_known_ucode_latest="couldn't get your microcode version"
return 2
fi
ret_is_latest_known_ucode_latest="latest microcode version for your CPU model is unknown"
if is_intel; then
brand_prefix=I

5
src/vulns/CVE-2023-23583.sh
View File

@@ -24,7 +24,10 @@ check_CVE_2023_23583_linux() {
pvulnstatus "$cve" VULN "your CPU is affected and no microcode update is available for your CPU stepping"
else
pr_info_nol "* Reptar is mitigated by microcode: "
if [ "$cpu_ucode" -lt "$g_reptar_fixed_ucode_version" ]; then
if [ -z "$cpu_ucode" ]; then
pstatus yellow UNKNOWN "couldn't get your microcode version"
pvulnstatus "$cve" UNK "couldn't detect microcode version to verify mitigation"
elif [ "$cpu_ucode" -lt "$g_reptar_fixed_ucode_version" ]; then
pstatus yellow NO "You have ucode $(printf "0x%x" "$cpu_ucode") and version $(printf "0x%x" "$g_reptar_fixed_ucode_version") minimum is required"
pvulnstatus "$cve" VULN "Your microcode is too old to mitigate the vulnerability"
else

5
src/vulns/CVE-2024-45332.sh
View File

@@ -31,7 +31,10 @@ check_CVE_2024_45332_linux() {
"update is available for your specific CPU stepping."
else
pr_info_nol "* BPI is mitigated by microcode: "
if [ "$cpu_ucode" -lt "$g_bpi_fixed_ucode_version" ]; then
if [ -z "$cpu_ucode" ]; then
pstatus yellow UNKNOWN "couldn't get your microcode version"
pvulnstatus "$cve" UNK "couldn't detect microcode version to verify mitigation"
elif [ "$cpu_ucode" -lt "$g_bpi_fixed_ucode_version" ]; then
pstatus yellow NO "You have ucode $(printf "0x%x" "$cpu_ucode") and version $(printf "0x%x" "$g_bpi_fixed_ucode_version") minimum is required"
pvulnstatus "$cve" VULN "Your microcode is too old to mitigate the vulnerability"
explain "CVE-2024-45332 (Branch Privilege Injection) is a race condition in the branch predictor\n" \