enh: add --explain text for Zenbleed

This commit is contained in:
Stéphane Lesimple 2023-07-26 10:46:34 +02:00
parent 6844c01242
commit c5661f098f

View File

@ -5944,6 +5944,7 @@ check_CVE_2023_20593_linux()
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test
zenbleed_print_vuln=0
if [ "$opt_live" = 1 ]; then
if [ "$fp_backup_fix" = 1 ] && [ "$cpu_ucode_zenbleed" = 1 ]; then
# this should never happen, but if it does, it's interesting to know
@ -5953,7 +5954,7 @@ check_CVE_2023_20593_linux()
elif [ "$fp_backup_fix" = 1 ]; then
pvulnstatus $cve OK "Your kernel mitigates Zenbleed"
else
pvulnstatus $cve VULN "Your kernel is too old to mitigate Zenbleed and your CPU microcode doesn't mitigate it either"
zenbleed_print_vuln=1
fi
else
if [ "$cpu_ucode_zenbleed" = 1 ]; then
@ -5961,9 +5962,17 @@ check_CVE_2023_20593_linux()
elif [ -n "$kernel_zenbleed" ]; then
pvulnstatus $cve OK "Your kernel mitigates Zenbleed"
else
zenbleed_print_vuln=1
fi
fi
if [ "$zenbleed_print_vuln" = 1 ]; then
pvulnstatus $cve VULN "Your kernel is too old to mitigate Zenbleed and your CPU microcode doesn't mitigate it either"
explain "Your CPU vendor may have a new microcode for your CPU model that mitigates this issue (refer to the hardware section above)."
explain "Otherwise, the Linux kernel is able to mitigate this issue regardless of the microcode version you have, but in this case"
explain "your kernel is too old to support this, your Linux distribution vendor might have a more recent version you should upgrade to."
explain "Note that either having an up to date microcode OR an up to date kernel is enough to mitigate this issue."
fi
fi
unset zenbleed_print_vuln
else
pvulnstatus $cve "$status" "$msg"
fi