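# vim: set ts=4 sw=4 sts=4 et:

###############################
# CVE-2024-45332, BPI, Branch Privilege Injection

# Entry point for the generic check: delegates to the per-OS dispatcher via check_cve.
check_CVE_2024_45332() {
    check_cve 'CVE-2024-45332'
}

#######################################
# Linux check for CVE-2024-45332.
# Globals:   cve (read), cpu_ucode (read), g_bpi_fixed_ucode_version (read)
# Outputs:   status lines via pstatus / pvulnstatus / explain
# Returns:   status of the last reporting call
#######################################
check_CVE_2024_45332_linux() {
    # There is no dedicated sysfs file for this vulnerability, and no kernel
    # mitigation code. The fix is purely a microcode update that corrects the
    # asynchronous branch predictor update timing so that eIBRS and IBPB work
    # as originally intended. There is no new CPUID bit, MSR bit, or ARCH_CAP
    # flag to detect the fix, so we hardcode known-fixing microcode versions
    # per CPU (see bpi_ucode_list in is_cpu_affected).
    # shellcheck disable=SC2154
    if ! is_cpu_affected "$cve"; then
        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
    elif [ -z "$g_bpi_fixed_ucode_version" ]; then
        # CPU matched the model blacklist but has no known fixing microcode
        # (likely an EOL stepping that Intel won't release a fix for)
        pvulnstatus "$cve" VULN "your CPU is affected and no microcode update is available for your CPU stepping"
        explain "CVE-2024-45332 (Branch Privilege Injection) is a race condition in the branch predictor\n" \
            "that undermines eIBRS and IBPB protections. The fix is a microcode update, but no\n" \
            "update is available for your specific CPU stepping."
    else
        pr_info_nol "* BPI is mitigated by microcode: "
        # The OK verdict is only reached through an explicit, successful -ge
        # comparison. If either value is not an integer, test(1) prints a
        # diagnostic (silenced here) and returns 2, so both numeric branches
        # are skipped and we fall through to UNK instead of reporting the
        # CPU as mitigated (fail closed).
        if [ -z "$cpu_ucode" ]; then
            pstatus yellow UNKNOWN "couldn't get your microcode version"
            pvulnstatus "$cve" UNK "couldn't detect microcode version to verify mitigation"
        elif [ "$cpu_ucode" -ge "$g_bpi_fixed_ucode_version" ] 2>/dev/null; then
            pstatus green YES "You have ucode $(printf "0x%x" "$cpu_ucode") which is recent enough (>= $(printf "0x%x" "$g_bpi_fixed_ucode_version"))"
            pvulnstatus "$cve" OK "Your microcode mitigates the vulnerability"
        elif [ "$cpu_ucode" -lt "$g_bpi_fixed_ucode_version" ] 2>/dev/null; then
            pstatus yellow NO "You have ucode $(printf "0x%x" "$cpu_ucode") and version $(printf "0x%x" "$g_bpi_fixed_ucode_version") minimum is required"
            pvulnstatus "$cve" VULN "Your microcode is too old to mitigate the vulnerability"
            explain "CVE-2024-45332 (Branch Privilege Injection) is a race condition in the branch predictor\n" \
                "that undermines eIBRS and IBPB protections. The fix is a microcode update only.\n" \
                "No kernel changes are required."
        else
            # Neither comparison succeeded: one of the two values is not a plain
            # integer, so we cannot tell whether the fix is present.
            pstatus yellow UNKNOWN "couldn't parse your microcode version to compare it with the required minimum"
            pvulnstatus "$cve" UNK "couldn't parse microcode version to verify mitigation"
        fi
    fi
}

#######################################
# BSD check for CVE-2024-45332.
# Globals:   cve (read)
# Outputs:   status line via pvulnstatus
# Returns:   status of pvulnstatus
#######################################
check_CVE_2024_45332_bsd() {
    if ! is_cpu_affected "$cve"; then
        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
    else
        # Microcode-version lookup for BSD is not implemented here yet.
        pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
    fi
}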