mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2026-04-11 11:13:21 +02:00
31 lines
1.1 KiB
Bash
31 lines
1.1 KiB
Bash
# vim: set ts=4 sw=4 sts=4 et:
|
|
###############################
|
|
# CVE-2018-3615, Foreshadow (SGX), L1 Terminal Fault
|
|
|
|
check_CVE_2018_3615() {
|
|
local cve
|
|
cve='CVE-2018-3615'
|
|
pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
|
|
|
|
pr_info_nol "* CPU microcode mitigates the vulnerability: "
|
|
if [ "$cap_l1df" = 1 ] && [ "$cap_sgx" = 1 ]; then
|
|
# the L1D flush CPUID bit indicates that the microcode supports L1D flushing,
|
|
# and microcodes that have this also have the fixed SGX (for CPUs that support it),
|
|
# because Intel delivered fixed microcodes for both issues at the same time
|
|
pstatus green YES
|
|
elif [ "$cap_sgx" = 1 ]; then
|
|
pstatus red NO
|
|
else
|
|
pstatus blue N/A
|
|
fi
|
|
|
|
if ! is_cpu_affected "$cve"; then
|
|
# override status & msg in case CPU is not vulnerable after all
|
|
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
|
elif [ "$cap_l1df" = 1 ]; then
|
|
pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability"
|
|
else
|
|
pvulnstatus "$cve" VULN "your CPU supports SGX and the microcode is not up to date"
|
|
fi
|
|
}
|