mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2026-04-28 03:23:20 +02:00
# vim: set ts=4 sw=4 sts=4 et:
###############################
# CVE-2018-3640, Variant 3a, Rogue System Register Read
# Report whether this machine is exposed to CVE-2018-3640 (Variant 3a,
# Rogue System Register Read).
#
# Globals:   cap_ssbd (read) - a non-empty value is treated as "the running
#            microcode carries the Variant 3a fix"; it is set outside this
#            function.
# Arguments: none
# Outputs:   a header line, the microcode sub-check and the final verdict,
#            all emitted through pr_info, pr_info_nol, pstatus, pvulnstatus
#            and explain.
# Returns:   the exit status of the last helper that ran.
#
# The verdict is an inference, not a direct probe: SSBD support is used as a
# proxy for a microcode revision that also fixes Variant 3a.
# NOTE(review): if cap_ssbd is derived from guest-visible CPU features, a
# hypervisor that masks SSBD could make this report VULN on a patched host;
# confirm against the code that sets cap_ssbd, and cross-check the microcode
# revision with the CPU vendor's advisory when the result matters.
check_CVE_2018_3640() {
    local cve='CVE-2018-3640'
    # Never read back in this function. Kept as locals because called helpers
    # can see a caller's locals in shell - NOTE(review): confirm whether any
    # callee actually relies on them.
    local status sys_interface_available msg

    pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"

    status=UNK
    sys_interface_available=0
    msg=''

    pr_info_nol "* CPU microcode mitigates the vulnerability: "
    if [ -z "$cap_ssbd" ]; then
        pstatus yellow NO
    else
        # Microcode that ships with SSBD is known to fix Variant 3a as well;
        # as far as is known there is no dedicated cpuid bit for this fix.
        pstatus green YES
    fi

    # A CPU model the vendor lists as unaffected is OK whatever the microcode.
    if ! is_cpu_affected "$cve"; then
        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
        return
    fi

    # Affected model: the SSBD proxy decides between mitigated and vulnerable.
    if [ -n "$cap_ssbd" ]; then
        pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability"
        return
    fi

    pvulnstatus "$cve" VULN "an up-to-date CPU microcode is needed to mitigate this vulnerability"
    explain "The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed."
}