# vim: set ts=4 sw=4 sts=4 et:
###############################
# CVE-2020-0543, SRBDS, CROSSTalk, Special Register Buffer Data Sampling
check_CVE_2020_0543() {
    # Entry point for SRBDS: hands the CVE id to the generic check_cve
    # dispatcher (the *_linux / *_bsd variants below are presumably picked
    # from there depending on the running OS).
    local srbds_cve
    srbds_cve='CVE-2020-0543'
    check_cve "$srbds_cve"
}
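check_CVE_2020_0543_linux() {
    # Linux check for SRBDS (CVE-2020-0543).
    #
    # Inputs, in order of trust: the kernel's sysfs entry (when present), the
    # SRBDS MSR enumeration done earlier ($cap_srbds / $cap_srbds_on), and
    # evidence of the mitigation code inside the kernel image ($g_kernel).
    #
    # Globals read:  VULN_SYSFS_BASE opt_sysfs_only opt_live g_kernel g_kernel_err
    #                cap_srbds cap_srbds_on cve ret_sys_interface_check_status
    #                ret_sys_interface_check_fullmsg
    # Outputs:       progress lines via pr_info_nol/pstatus and exactly one
    #                verdict line via pvulnstatus (also in offline mode)
    # Returns:       the status of the last command run (pvulnstatus); the
    #                verdict itself is carried by pvulnstatus, not the exit code
    local status sys_interface_available msg kernel_srbds kernel_srbds_err
    status=UNK
    sys_interface_available=0
    msg=''
    # initialise every local so the [ -n ... ] tests below never see an unset variable
    kernel_srbds=''
    kernel_srbds_err=''

    if sys_interface_check "$VULN_SYSFS_BASE/srbds"; then
        # this kernel has the /sys interface, trust it over everything
        sys_interface_available=1
        status=$ret_sys_interface_check_status
        # the verdict logic below reads an empty $msg as "no sysfs entry, so the
        # kernel is too old"; record the sysfs text so that test is meaningful
        msg=$ret_sys_interface_check_fullmsg
    fi

    if [ "$opt_sysfs_only" != 1 ]; then
        pr_info_nol "* SRBDS mitigation control is supported by the kernel: "
        if [ -n "$g_kernel_err" ]; then
            kernel_srbds_err=$g_kernel_err
        elif grep -q 'Dependent on hypervisor' "$g_kernel"; then
            kernel_srbds="found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation"
        fi
        if [ -n "$kernel_srbds" ]; then
            pstatus green YES "$kernel_srbds"
        elif [ -n "$kernel_srbds_err" ]; then
            pstatus yellow UNKNOWN "$kernel_srbds_err"
        else
            pstatus yellow NO
        fi

        pr_info_nol "* SRBDS mitigation control is enabled and active: "
        if [ "$opt_live" != 1 ]; then
            pstatus blue N/A "not testable in offline mode"
        elif [ -z "$ret_sys_interface_check_fullmsg" ]; then
            pstatus yellow NO "SRBDS not found in sysfs hierarchy"
        else
            # the sysfs text starts with "Mitigation" when a mitigation is active
            case "$ret_sys_interface_check_fullmsg" in
                Mitigation*) pstatus green YES "$ret_sys_interface_check_fullmsg" ;;
                *) pstatus yellow NO ;;
            esac
        fi
    elif [ "$sys_interface_available" = 0 ]; then
        # we have no sysfs but were asked to use it only!
        msg="/sys vulnerability interface use forced, but it's not available!"
        status=UNK
    fi

    if ! is_cpu_affected "$cve"; then
        # override status & msg in case CPU is not vulnerable after all
        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
        return
    fi

    if [ "$opt_sysfs_only" = 1 ]; then
        # sysfs only: return the status/msg we got; when sysfs was unavailable
        # fall back to $msg so the reason isn't lost in an empty verdict
        pvulnstatus "$cve" "$status" "${ret_sys_interface_check_fullmsg:-$msg}"
        return
    fi

    if [ "$cap_srbds" != 1 ]; then
        # the MSR enumeration found no SRBDS mitigation control at all
        pvulnstatus "$cve" VULN "Your CPU microcode may need to be updated to mitigate the vulnerability"
        return
    fi

    # SRBDS mitigation control exists; $cap_srbds_on says whether it is enabled
    if [ "$cap_srbds_on" = 1 ]; then
        if [ -n "$msg" ]; then
            # sysfs is there, so the kernel knows about SRBDS
            if [ -n "$kernel_srbds" ]; then
                pvulnstatus "$cve" OK "Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is enabled"
            else
                pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated"
            fi
        elif [ "$opt_live" = 1 ]; then
            # live mode and no sysfs entry: the kernel is too old
            pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated"
        else
            # offline mode: sysfs can't be consulted, but never leave the verdict blank
            pvulnstatus "$cve" UNK "Your microcode is up to date for SRBDS mitigation control, but the kernel mitigation state is not testable in offline mode"
        fi
    elif [ "$cap_srbds_on" = 0 ]; then
        # SRBDS mitigation control is disabled
        if [ -n "$msg" ]; then
            if [ -n "$kernel_srbds" ]; then
                pvulnstatus "$cve" VULN "Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is disabled"
            else
                pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled"
            fi
        elif [ "$opt_live" = 1 ]; then
            # live mode and no sysfs entry: the kernel is too old
            pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled"
        else
            # offline mode: the MSR says disabled, the kernel side can't be checked
            pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control, but mitigation is disabled (kernel state not testable in offline mode)"
        fi
    else
        # rdmsr: CPU 0 cannot read MSR 0x00000123
        pvulnstatus "$cve" UNK "Not able to enumerate MSR for SRBDS mitigation control"
    fi
}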
# FreeBSD uses the name "rngds" (Random Number Generator Data Sampling) for SRBDS
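check_CVE_2020_0543_bsd() {
    # FreeBSD check for SRBDS (CVE-2020-0543), driven by the
    # machdep.mitigations.rngds.{enable,state} sysctls.
    #
    # Globals read:  cve
    # Outputs:       progress lines via pr_info_nol/pstatus, one verdict via
    #                pvulnstatus, plus an explain hint when the mitigation is off
    # Returns:       the status of the last command run; the verdict itself is
    #                carried by pvulnstatus, not the exit code
    local rngds_enable rngds_state kernel_rngds

    pr_info_nol "* Kernel supports SRBDS mitigation (machdep.mitigations.rngds.enable): "
    # an empty result means the sysctl doesn't exist: the kernel predates the mitigation
    rngds_enable=$(sysctl -n machdep.mitigations.rngds.enable 2>/dev/null)
    if [ -n "$rngds_enable" ]; then
        kernel_rngds=1
        case "$rngds_enable" in
            0) pstatus yellow YES "optimized (RDRAND/RDSEED not locked, faster but vulnerable)" ;;
            1) pstatus green YES "mitigated" ;;
            *) pstatus yellow YES "unknown value: $rngds_enable" ;;
        esac
    else
        kernel_rngds=0
        pstatus yellow NO
    fi

    pr_info_nol "* SRBDS mitigation state: "
    rngds_state=$(sysctl -n machdep.mitigations.rngds.state 2>/dev/null)
    if [ -z "$rngds_state" ]; then
        pstatus yellow NO "sysctl not available"
    # ERE alternation ('|' under -E) is POSIX; '\|' inside a BRE is a GNU extension
    elif printf '%s\n' "$rngds_state" | grep -qiE 'not.affected|mitigat'; then
        pstatus green YES "$rngds_state"
    else
        pstatus yellow NO "$rngds_state"
    fi

    if ! is_cpu_affected "$cve"; then
        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
    elif [ "$kernel_rngds" != 1 ]; then
        pvulnstatus "$cve" VULN "your kernel doesn't support SRBDS mitigation, update it"
    elif [ "$rngds_enable" = 1 ]; then
        pvulnstatus "$cve" OK "SRBDS mitigation is enabled"
    elif [ "$rngds_enable" = 0 ]; then
        pvulnstatus "$cve" VULN "SRBDS mitigation is supported but set to optimized mode (disabled for RDRAND/RDSEED)"
        explain "To enable full SRBDS mitigation, run \`sysctl machdep.mitigations.rngds.enable=1'.\n " \
            "To make this persistent, add 'machdep.mitigations.rngds.enable=1' to /etc/sysctl.conf."
    else
        # the sysctl exists but holds a value we can't interpret: report that
        # rather than claiming the kernel lacks the mitigation
        pvulnstatus "$cve" UNK "SRBDS mitigation sysctl has an unexpected value ($rngds_enable), can't tell whether the mitigation is active"
    fi
}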