Compare commits
3 Commits
c1c1ac4dbb
...
44223c5308
| Author | SHA1 | Date |
|---|---|---|
Stéphane Lesimple
|
44223c5308 | |
|
Stéphane Lesimple
|
dbe208fc48 | |
|
Stéphane Lesimple
|
aca4e2a9b1 |
|
|
@ -2441,13 +2441,6 @@ if [ "$opt_cpu" != all ] && [ "$opt_cpu" -gt "$max_core_id" ]; then
|
|||
fi
|
||||
|
||||
if [ "$opt_live" = 1 ]; then
|
||||
# root check (only for live mode, for offline mode, we already checked if we could read the files)
|
||||
if [ "$(id -u)" -ne 0 ]; then
|
||||
_warn "Note that you should launch this script with root privileges to get accurate information."
|
||||
_warn "We'll proceed but you might see permission denied errors."
|
||||
_warn "To run it as root, you can try the following command: sudo $0"
|
||||
_warn
|
||||
fi
|
||||
_info "Checking for vulnerabilities on current system"
|
||||
_info "Kernel is \033[35m$os $(uname -r) $(uname -v) $(uname -m)\033[0m"
|
||||
_info "CPU is \033[35m$cpu_friendly_name\033[0m"
|
||||
|
|
@ -2607,7 +2600,7 @@ else
|
|||
kernel_version=$("${opt_arch_prefix}strings" "$kernel" 2>/dev/null | grep -E \
|
||||
-e '^Linux version ' \
|
||||
-e '^[[:alnum:]][^[:space:]]+ \([^[:space:]]+\) #[0-9]+ .+ (19|20)[0-9][0-9]$' \
|
||||
-e '^FreeBSD [0-9]' | head -1)
|
||||
-e '^FreeBSD [0-9]' | grep -v 'ABI compat' | head -1)
|
||||
if [ -z "$kernel_version" ]; then
|
||||
# try even harder with some kernels (such as ARM) that split the release (uname -r) and version (uname -v) in 2 adjacent strings
|
||||
kernel_version=$("${opt_arch_prefix}strings" "$kernel" 2>/dev/null | grep -E -B1 '^#[0-9]+ .+ (19|20)[0-9][0-9]$' | tr "\n" " ")
|
||||
|
|
@ -6236,17 +6229,30 @@ check_CVE_2022_40982_linux() {
|
|||
fi
|
||||
|
||||
if [ -n "$kernel_gds" ]; then
|
||||
_info_nol "* Is the kernel mitigation active: "
|
||||
_info_nol "* Kernel has disabled AVX as a mitigation: "
|
||||
|
||||
# Check dmesg message to see whether AVX has been disabled
|
||||
dmesg_grep 'Microcode update needed! Disabling AVX as mitigation'; ret=$?
|
||||
if [ $ret -eq 2 ]; then
|
||||
pstatus yellow UNKNOWN "dmesg truncated, AVX mitigation detection will be unreliable. Please reboot and relaunch this script"
|
||||
elif [ $ret -eq 0 ]; then
|
||||
kernel_avx_disabled="AVX disabled by the kernel"
|
||||
dmesg_grep 'Microcode update needed! Disabling AVX as mitigation'; dmesgret=$?
|
||||
if [ $dmesgret -eq 0 ]; then
|
||||
kernel_avx_disabled="AVX disabled by the kernel (dmesg)"
|
||||
pstatus green YES "$kernel_avx_disabled"
|
||||
elif [ "$has_avx2" = 0 ]; then
|
||||
# Find out by ourselves
|
||||
# cpuinfo says we don't have AVX2, query
|
||||
# the CPU directly about AVX2 support
|
||||
read_cpuid 0x7 0x0 $EBX 5 1 1; ret=$?
|
||||
if [ $ret -eq $READ_CPUID_RET_OK ]; then
|
||||
kernel_avx_disabled="AVX disabled by the kernel (cpuid)"
|
||||
pstatus green YES "$kernel_avx_disabled"
|
||||
elif [ $ret -eq $READ_CPUID_RET_KO ]; then
|
||||
pstatus yellow NO "CPU doesn't support AVX"
|
||||
elif [ $dmesgret -eq 2 ]; then
|
||||
pstatus yellow UNKNOWN "dmesg truncated, can't tell whether mitigation is active, please reboot and relaunch this script"
|
||||
else
|
||||
pstatus yellow UNKNOWN "No sign of mitigation in dmesg and couldn't read cpuid info"
|
||||
fi
|
||||
else
|
||||
pstatus red NO "No trace of AVX mitigation in dmesg"
|
||||
pstatus yellow NO "AVX support is enabled"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
@ -6326,6 +6332,13 @@ if [ -n "$mockme" ] && [ "$opt_mock" = 1 ]; then
|
|||
_warn "To mock this CPU, set those vars: "$(echo "$mockme" | sort -u)
|
||||
fi
|
||||
|
||||
# root check
|
||||
if [ "$(id -u)" -ne 0 ]; then
|
||||
_warn "Note that you should launch this script with root privileges to get completely accurate information."
|
||||
_warn "To run it as root, you can try the following command: sudo $0"
|
||||
_warn
|
||||
fi
|
||||
|
||||
if [ "$opt_explain" = 0 ]; then
|
||||
_info "Need more detailed information about mitigation options? Use --explain"
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in New Issue