Merge 1d252ae539
into b3b7f634e6
This commit is contained in:
commit
ee1c6b3d8c
|
@ -1168,19 +1168,19 @@ check_variant3()
|
|||
fi
|
||||
|
||||
if [ "$opt_live" = 1 ]; then
|
||||
# checking whether we're running under Xen PV 64 bits. If yes, we're not affected by variant3
|
||||
_info_nol "* Checking if we're running under Xen PV (64 bits): "
|
||||
# checking whether we're running under Xen HVM or PVH. If yes, we're not affected by variant3
|
||||
_info_nol "* Checking if we're running under Xen HVM or PVH (64 bits): "
|
||||
if [ "$(uname -m)" = "x86_64" ]; then
|
||||
# XXX do we have a better way that relying on dmesg?
|
||||
if dmesg | grep -q 'Booting paravirtualized kernel on Xen$' ; then
|
||||
if dmesg | grep -Eq 'Booting paravirtualized kernel (with PVH extensions on Xen|on Xen HVM)$' ; then
|
||||
pstatus green YES 'Xen PV is not vulnerable'
|
||||
xen_pv=1
|
||||
elif [ -r /var/log/dmesg ] && grep -q 'Booting paravirtualized kernel on Xen$' /var/log/dmesg; then
|
||||
xen_hvm_pvh=1
|
||||
elif [ -r /var/log/dmesg ] && grep -Eq 'Booting paravirtualized kernel (with PVH extensions on Xen|on Xen HVM)$' /var/log/dmesg; then
|
||||
pstatus green YES 'Xen PV is not vulnerable'
|
||||
xen_pv=1
|
||||
elif [ -r /var/log/kern.log ] && grep -q 'Booting paravirtualized kernel on Xen$' /var/log/kern.log; then
|
||||
xen_hvm_pvh=1
|
||||
elif [ -r /var/log/kern.log ] && grep -Eq 'Booting paravirtualized kernel (with PVH extensions on Xen|on Xen HVM)$' /var/log/kern.log; then
|
||||
pstatus green YES 'Xen PV is not vulnerable'
|
||||
xen_pv=1
|
||||
xen_hvm_pvh=1
|
||||
else
|
||||
pstatus blue NO
|
||||
fi
|
||||
|
@ -1200,8 +1200,8 @@ check_variant3()
|
|||
if [ "$opt_live" = 1 ]; then
|
||||
if [ "$kpti_enabled" = 1 ]; then
|
||||
pvulnstatus $cve OK "PTI mitigates the vulnerability"
|
||||
elif [ "$xen_pv" = 1 ]; then
|
||||
pvulnstatus $cve OK "Xen PV 64 bits is not vulnerable"
|
||||
elif [ "$xen_hvm_pvh" = 1 ]; then
|
||||
pvulnstatus $cve OK "Xen HVM/PVH 64 bits are not vulnerable"
|
||||
else
|
||||
pvulnstatus $cve VULN "PTI is needed to mitigate the vulnerability"
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue