peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-03 13:47:08 +02:00
Code Issues Projects Releases Wiki Activity

split script in multiple files, reassembled through build.sh

Browse Source
This commit is contained in:
Stéphane Lesimple
2026-03-30 20:04:16 +02:00
parent 7e660812e9
commit cebda01d05
47 changed files with 7712 additions and 7617 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
src/vulns/CVE-2018-3620.sh Normal file
View File

@@ -0,0 +1,110 @@
# vim: set ts=4 sw=4 sts=4 et:
# CVE-2018-3620 Foreshadow-NG OS (L1 terminal fault OS) - entry point
check_CVE_2018_3620() {
check_cve 'CVE-2018-3620'
}
# CVE-2018-3620 Foreshadow-NG OS (L1 terminal fault OS) - Linux mitigation check
check_CVE_2018_3620_linux() {
local status sys_interface_available msg pteinv_supported pteinv_active
status=UNK
sys_interface_available=0
msg=''
if sys_interface_check "$VULN_SYSFS_BASE/l1tf"; then
# this kernel has the /sys interface, trust it over everything
sys_interface_available=1
status=$ret_sys_interface_check_status
fi
if [ "$opt_sysfs_only" != 1 ]; then
pr_info_nol "* Kernel supports PTE inversion: "
if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then
pstatus yellow UNKNOWN "missing 'strings' tool, please install it"
pteinv_supported=-1
elif [ -n "$g_kernel_err" ]; then
pstatus yellow UNKNOWN "$g_kernel_err"
pteinv_supported=-1
else
if "${opt_arch_prefix}strings" "$g_kernel" | grep -Fq 'PTE Inversion'; then
pstatus green YES "found in kernel image"
pr_debug "pteinv: found pte inversion evidence in kernel image"
pteinv_supported=1
else
pstatus yellow NO
pteinv_supported=0
fi
fi
pr_info_nol "* PTE inversion enabled and active: "
if [ "$opt_live" = 1 ]; then
if [ -n "$ret_sys_interface_check_fullmsg" ]; then
if echo "$ret_sys_interface_check_fullmsg" | grep -q 'Mitigation: PTE Inversion'; then
pstatus green YES
pteinv_active=1
else
pstatus yellow NO
pteinv_active=0
fi
else
pstatus yellow UNKNOWN "sysfs interface not available"
pteinv_active=-1
fi
else
pstatus blue N/A "not testable in offline mode"
fi
elif [ "$sys_interface_available" = 0 ]; then
# we have no sysfs but were asked to use it only!
msg="/sys vulnerability interface use forced, but it's not available!"
status=UNK
fi
if ! is_cpu_affected "$cve"; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test
if [ "$pteinv_supported" = 1 ]; then
if [ "$pteinv_active" = 1 ] || [ "$opt_live" != 1 ]; then
pvulnstatus "$cve" OK "PTE inversion mitigates the vulnerability"
else
pvulnstatus "$cve" VULN "Your kernel supports PTE inversion but it doesn't seem to be enabled"
fi
else
pvulnstatus "$cve" VULN "Your kernel doesn't support PTE inversion, update it"
fi
else
pvulnstatus "$cve" "$status" "$msg"
fi
}
# CVE-2018-3620 Foreshadow-NG OS (L1 terminal fault OS) - BSD mitigation check
check_CVE_2018_3620_bsd() {
local bsd_zero_reserved
pr_info_nol "* Kernel reserved the memory page at physical address 0x0: "
if ! kldstat -q -m vmm; then
kldload vmm 2>/dev/null && g_kldload_vmm=1
pr_debug "attempted to load module vmm, g_kldload_vmm=$g_kldload_vmm"
else
pr_debug "vmm module already loaded"
fi
if sysctl hw.vmm.vmx.l1d_flush >/dev/null 2>&1; then
# https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch
# this is very difficult to detect that the kernel reserved the 0 page, but this fix
# is part of the exact same patch than the other L1TF CVE, so we detect it
# and deem it as OK if the other patch is there
pstatus green YES
bsd_zero_reserved=1
else
pstatus yellow NO
bsd_zero_reserved=0
fi
if ! is_cpu_affected "$cve"; then
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
else
if [ "$bsd_zero_reserved" = 1 ]; then
pvulnstatus "$cve" OK "kernel mitigates the vulnerability"
else
pvulnstatus "$cve" VULN "your kernel needs to be updated"
fi
fi
}