From 6682d72adad8f22b81de5d8110e4ecf0f00d1f43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sun, 20 Mar 2022 13:16:27 +0100 Subject: [PATCH] chore: wording: model not vulnerable -> model not affected --- spectre-meltdown-checker.sh | 42 ++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index d45b803..3be7e5b 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -3558,7 +3558,7 @@ check_CVE_2017_5753_linux() # report status if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test if [ -n "$v1_mask_nospec" ]; then @@ -3593,7 +3593,7 @@ check_CVE_2017_5753_bsd() { if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" else pvulnstatus $cve VULN "no mitigation for BSD yet" fi @@ -4009,7 +4009,7 @@ check_CVE_2017_5715_linux() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" else if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability" @@ -4188,7 +4188,7 @@ check_CVE_2017_5715_bsd() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ "$retpoline" = 1 ]; then pvulnstatus $cve OK "Retpoline mitigates the vulnerability" elif [ "$ibrs_active" = 1 ]; then @@ -4393,7 +4393,7 @@ check_CVE_2017_5754_linux() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test if [ "$opt_live" = 1 ]; then @@ -4480,7 +4480,7 @@ check_CVE_2017_5754_bsd() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ "$kpti_enabled" = 1 ]; then pvulnstatus $cve OK "PTI mitigates the vulnerability" elif [ -n "$kpti_enabled" ]; then @@ -4514,7 +4514,7 @@ check_CVE_2018_3640() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ -n "$cpuid_ssbd" ]; then pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability" else @@ -4634,7 +4634,7 @@ check_CVE_2018_3639_linux() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ] || [ "$msg" = "Vulnerable" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test if [ -n "$cpuid_ssbd" ]; then @@ -4696,7 +4696,7 @@ check_CVE_2018_3639_bsd() esac if ! is_cpu_vulnerable "$cve"; then - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" else if [ "$ssb_active" = 1 ]; then pvulnstatus $cve OK "SSBD mitigates the vulnerability" @@ -4745,7 +4745,7 @@ check_CVE_2018_3615() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ "$cpu_flush_cmd" = 1 ] || { [ "$msr_locked_down" = 1 ] && [ "$cpuid_l1df" = 1 ]; } ; then pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability" else @@ -4820,7 +4820,7 @@ check_CVE_2018_3620_linux() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test if [ "$pteinv_supported" = 1 ]; then @@ -4859,7 +4859,7 @@ check_CVE_2018_3620_bsd() fi if ! is_cpu_vulnerable "$cve"; then - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" else if [ "$bsd_zero_reserved" = 1 ]; then pvulnstatus $cve OK "kernel mitigates the vulnerability" @@ -5015,10 +5015,10 @@ check_CVE_2018_3646_linux() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ "$fullmsg" = "Not affected" ]; then # just in case a very recent kernel knows better than we do - pvulnstatus $cve OK "your kernel reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your kernel reported your CPU model as not affected" elif [ "$has_vmm" = 0 ]; then pvulnstatus $cve OK "this system is not running a hypervisor" else @@ -5077,7 +5077,7 @@ check_CVE_2018_3646_bsd() esac if ! is_cpu_vulnerable "$cve"; then - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" else if [ "$kernel_l1d_enabled" = 1 ]; then pvulnstatus $cve OK "L1D flushing mitigates the vulnerability" @@ -5205,7 +5205,7 @@ check_mds_bsd() esac if ! is_cpu_vulnerable "$cve"; then - pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" else if [ "$cpuid_md_clear" = 1 ]; then if [ "$kernel_md_clear" = 1 ]; then @@ -5299,7 +5299,7 @@ check_mds_linux() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" else if [ "$opt_sysfs_only" != 1 ]; then # compute mystatus and mymsg from our own logic @@ -5423,7 +5423,7 @@ check_CVE_2019_11135_linux() if ! is_cpu_vulnerable "$cve" ; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test if [ "$opt_live" = 1 ]; then @@ -5518,7 +5518,7 @@ check_CVE_2018_12207_linux() if ! is_cpu_vulnerable "$cve" ; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ "$has_vmm" = 0 ]; then pvulnstatus "$cve" OK "this system is not running a hypervisor" elif [ -z "$msg" ]; then @@ -5557,7 +5557,7 @@ check_CVE_2018_12207_bsd() if ! is_cpu_vulnerable "$cve"; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$kernel_2m_x_ept" ]; then pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it" elif [ "$kernel_2m_x_ept" != 0 ]; then @@ -5628,7 +5628,7 @@ check_CVE_2020_0543_linux() fi if ! is_cpu_vulnerable "$cve" ; then # override status & msg in case CPU is not vulnerable after all - pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" else if [ "$opt_sysfs_only" != 1 ]; then if [ "$cpuid_srbds" = 1 ]; then