From f0fb59310ea5bdab4a49e6f36edbf5fdf342ed11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Wed, 8 Apr 2026 21:42:19 +0200
Subject: [PATCH] fix: add a missing pstatus to CVE-2023-20588 check
---
 src/vulns/CVE-2018-3615.sh.rej | 31 +++++++++++++++++++++++++++++++
 src/vulns/CVE-2023-20588.sh | 10 +++++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 src/vulns/CVE-2018-3615.sh.rej
diff --git a/src/vulns/CVE-2018-3615.sh.rej b/src/vulns/CVE-2018-3615.sh.rej
new file mode 100644
index 0000000..709b9f6
--- /dev/null
+++ b/src/vulns/CVE-2018-3615.sh.rej
@@ -0,0 +1,31 @@
+--- src/vulns/CVE-2018-3615.sh
++++ src/vulns/CVE-2018-3615.sh
+@@ -8,15 +8,10 @@ check_CVE_2018_3615() {
+ pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
+ 
+ pr_info_nol "* CPU microcode mitigates the vulnerability: "
+- if { [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; } && [ "$cap_sgx" = 1 ]; then
+- # no easy way to detect a fixed SGX but we know that
+- # microcodes that have the FLUSH_CMD MSR also have the
+- # fixed SGX (for CPUs that support it), because Intel
+- # delivered fixed microcodes for both issues at the same time
+- #
+- # if the system we're running on is locked down (no way to write MSRs),
+- # make the assumption that if the L1D flush CPUID bit is set, probably
+- # that FLUSH_CMD MSR is here too
++ if [ "$cap_l1df" = 1 ] && [ "$cap_sgx" = 1 ]; then
++ # the L1D flush CPUID bit indicates that the microcode supports L1D flushing,
++ # and microcodes that have this also have the fixed SGX (for CPUs that support it),
++ # because Intel delivered fixed microcodes for both issues at the same time
+ pstatus green YES
+ elif [ "$cap_sgx" = 1 ]; then
+ pstatus red NO
+@@ -27,7 +22,7 @@ check_CVE_2018_3615() {
+ if ! is_cpu_affected "$cve"; then
+ # override status & msg in case CPU is not vulnerable after all
+ pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+- elif [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; then
++ elif [ "$cap_l1df" = 1 ]; then
+ pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability"
+ else
+ pvulnstatus "$cve" VULN "your CPU supports SGX and the microcode is not up to date"
diff --git a/src/vulns/CVE-2023-20588.sh b/src/vulns/CVE-2023-20588.sh
index 5c0b5f4..3013c67 100644
--- a/src/vulns/CVE-2023-20588.sh
+++ b/src/vulns/CVE-2023-20588.sh
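Review bot: `src/vulns/CVE-2018-3615.sh.rej` is a reject file of the kind `patch` or `git apply --reject` leaves behind when a hunk fails to apply, and its inclusion looks accidental, since the subject line only concerns the CVE-2023-20588 check. It should be removed from this commit rather than shipped under `src/vulns/`, and a `*.rej` ignore rule added if the repository does not already have one. What it contains — a rewrite of `check_CVE_2018_3615` that replaces the `cap_flush_cmd` / `g_msr_locked_down` conditions with `cap_l1df` alone — may or may not be a change the author still wants; if so, it belongs in its own commit applied to `CVE-2018-3615.sh`, which this patch does not touch.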
@@ -122,8 +122,16 @@ check_CVE_2023_20588_linux() {
 pstatus blue N/A "not testable in no-runtime mode"
 fi
- pr_info_nol "* SMT (Simultaneous Multi-Threading) status: "
+ pr_info_nol "* SMT (Simultaneous Multi-Threading) is enabled: "
 is_cpu_smt_enabled
+ smt_ret=$?
+ if [ "$smt_ret" = 0 ]; then
+ pstatus yellow YES
+ elif [ "$smt_ret" = 2 ]; then
+ pstatus yellow UNKNOWN
+ else
+ pstatus green NO
+ fi
 elif [ "$sys_interface_available" = 0 ]; then
 msg="/sys vulnerability interface use forced, but it's not available!"
 status=UNK
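Review bot: The `else` branch after `elif [ "$smt_ret" = 2 ]` folds every return code of `is_cpu_smt_enabled` other than 0 and 2 into `pstatus green NO`, so an unexpected or error status would be reported as the reassuring green result. The safer shape is to test the disabled code explicitly (presumably 1, as `is_cpu_smt_enabled` is defined outside this hunk) with `elif [ "$smt_ret" = 1 ]; then` / `pstatus green NO` and let the final `else` print `pstatus yellow UNKNOWN`. Either way the three-way contract this hunk relies on deserves a comment above the call, e.g. `# is_cpu_smt_enabled returns 0 = enabled, 1 = disabled, 2 = unknown`. Whether `smt_ret` also feeds the check's final `status` and `msg` cannot be seen here, because `check_CVE_2023_20588_linux` continues past the end of the hunk.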