Compare commits
3 Commits
e99a548dcc
...
b8f8c81d51
Author | SHA1 | Date |
---|---|---|
Stéphane Lesimple | b8f8c81d51 | |
Stéphane Lesimple | f34dd5fa7b | |
Stéphane Lesimple | c0869d7341 |
|
@ -12,7 +12,7 @@
|
||||||
#
|
#
|
||||||
# Stephane Lesimple
|
# Stephane Lesimple
|
||||||
#
|
#
|
||||||
VERSION='0.45'
|
VERSION='0.46'
|
||||||
|
|
||||||
trap 'exit_cleanup' EXIT
|
trap 'exit_cleanup' EXIT
|
||||||
trap '_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT
|
trap '_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT
|
||||||
|
@ -352,7 +352,8 @@ is_cpu_affected()
|
||||||
variant_taa=''
|
variant_taa=''
|
||||||
variant_itlbmh=''
|
variant_itlbmh=''
|
||||||
variant_srbds=''
|
variant_srbds=''
|
||||||
variant_zenbleed=''
|
# Zenbleed if extremely AMD specific, look for "is_and" below:
|
||||||
|
variant_zenbleed=immune
|
||||||
|
|
||||||
if is_cpu_mds_free; then
|
if is_cpu_mds_free; then
|
||||||
[ -z "$variant_msbds" ] && variant_msbds=immune
|
[ -z "$variant_msbds" ] && variant_msbds=immune
|
||||||
|
@ -385,7 +386,6 @@ is_cpu_affected()
|
||||||
variant_mdsum=immune
|
variant_mdsum=immune
|
||||||
variant_taa=immune
|
variant_taa=immune
|
||||||
variant_srbds=immune
|
variant_srbds=immune
|
||||||
variant_zenbleed=immune
|
|
||||||
elif is_intel; then
|
elif is_intel; then
|
||||||
# Intel
|
# Intel
|
||||||
# https://github.com/crozone/SpectrePoC/issues/1 ^F E5200 => spectre 2 not affected
|
# https://github.com/crozone/SpectrePoC/issues/1 ^F E5200 => spectre 2 not affected
|
||||||
|
@ -461,7 +461,6 @@ is_cpu_affected()
|
||||||
_debug "is_cpu_affected: intel family < 6 is immune to l1tf"
|
_debug "is_cpu_affected: intel family < 6 is immune to l1tf"
|
||||||
[ -z "$variantl1tf" ] && variantl1tf=immune
|
[ -z "$variantl1tf" ] && variantl1tf=immune
|
||||||
fi
|
fi
|
||||||
variant_zenbleed=immune
|
|
||||||
elif is_amd || is_hygon; then
|
elif is_amd || is_hygon; then
|
||||||
# AMD revised their statement about variant2 => affected
|
# AMD revised their statement about variant2 => affected
|
||||||
# https://www.amd.com/en/corporate/speculative-execution
|
# https://www.amd.com/en/corporate/speculative-execution
|
||||||
|
@ -478,7 +477,6 @@ is_cpu_affected()
|
||||||
variantl1tf=immune
|
variantl1tf=immune
|
||||||
|
|
||||||
# Zenbleed
|
# Zenbleed
|
||||||
variant_zenbleed=immune
|
|
||||||
amd_legacy_erratum "$(amd_model_range 0x17 0x30 0x0 0x4f 0xf)" && variant_zenbleed=vuln
|
amd_legacy_erratum "$(amd_model_range 0x17 0x30 0x0 0x4f 0xf)" && variant_zenbleed=vuln
|
||||||
amd_legacy_erratum "$(amd_model_range 0x17 0x60 0x0 0x7f 0xf)" && variant_zenbleed=vuln
|
amd_legacy_erratum "$(amd_model_range 0x17 0x60 0x0 0x7f 0xf)" && variant_zenbleed=vuln
|
||||||
amd_legacy_erratum "$(amd_model_range 0x17 0xa0 0x0 0xaf 0xf)" && variant_zenbleed=vuln
|
amd_legacy_erratum "$(amd_model_range 0x17 0xa0 0x0 0xaf 0xf)" && variant_zenbleed=vuln
|
||||||
|
@ -587,7 +585,6 @@ is_cpu_affected()
|
||||||
_debug "is_cpu_affected: for cpu$i and so far, we have <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4>"
|
_debug "is_cpu_affected: for cpu$i and so far, we have <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4>"
|
||||||
done
|
done
|
||||||
variantl1tf=immune
|
variantl1tf=immune
|
||||||
variant_zenbleed=immune
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# we handle iTLB Multihit here (not linked to is_specex_free)
|
# we handle iTLB Multihit here (not linked to is_specex_free)
|
||||||
|
@ -6038,7 +6035,9 @@ check_CVE_2023_20593_linux()
|
||||||
explain "Your CPU vendor may have a new microcode for your CPU model that mitigates this issue (refer to the hardware section above).\n " \
|
explain "Your CPU vendor may have a new microcode for your CPU model that mitigates this issue (refer to the hardware section above).\n " \
|
||||||
"Otherwise, the Linux kernel is able to mitigate this issue regardless of the microcode version you have, but in this case\n " \
|
"Otherwise, the Linux kernel is able to mitigate this issue regardless of the microcode version you have, but in this case\n " \
|
||||||
"your kernel is too old to support this, your Linux distribution vendor might have a more recent version you should upgrade to.\n " \
|
"your kernel is too old to support this, your Linux distribution vendor might have a more recent version you should upgrade to.\n " \
|
||||||
"Note that either having an up to date microcode OR an up to date kernel is enough to mitigate this issue."
|
"Note that either having an up to date microcode OR an up to date kernel is enough to mitigate this issue.\n " \
|
||||||
|
"To manually mitigate the issue right now, you may use the following command: \`wrmsr -a 0xc0011029 \$((\$(rdmsr -c 0xc0011029) | (1<<9)))\`,\n " \
|
||||||
|
"however note that this manual mitigation will only be active until the next reboot."
|
||||||
fi
|
fi
|
||||||
unset zenbleed_print_vuln
|
unset zenbleed_print_vuln
|
||||||
else
|
else
|
||||||
|
|
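Review bot: The manual mitigation command added to the explain text in check_CVE_2023_20593_linux reads the register with `rdmsr -c 0xc0011029`, which by default queries only CPU 0, and then `wrmsr -a` writes that one value with bit 9 set to every core. If the register is not identical on all cores, the other bits on those cores are silently overwritten with CPU 0's. The text also does not say that the command needs root, msr-tools and the `msr` kernel module, and that a locked-down kernel may refuse the write. I would add a line such as `"(needs root, msr-tools and the msr module loaded; the value is read from CPU 0 and written to all cores, verify afterwards with rdmsr -a 0xc0011029)\n " \` before the reboot caveat. Separately, the new comment in is_cpu_affected has two typos and should probably read `# Zenbleed is extremely AMD specific, look for "is_amd" below:`. Both functions start and end outside the visible hunks.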