mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-12-22 20:33:56 +01:00
chore: wording: model not vulnerable -> model not affected
This commit is contained in:
parent
eee3816757
commit
6682d72ada
@ -3558,7 +3558,7 @@ check_CVE_2017_5753_linux()
|
|||||||
# report status
|
# report status
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ -z "$msg" ]; then
|
elif [ -z "$msg" ]; then
|
||||||
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
||||||
if [ -n "$v1_mask_nospec" ]; then
|
if [ -n "$v1_mask_nospec" ]; then
|
||||||
@ -3593,7 +3593,7 @@ check_CVE_2017_5753_bsd()
|
|||||||
{
|
{
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
pvulnstatus $cve VULN "no mitigation for BSD yet"
|
pvulnstatus $cve VULN "no mitigation for BSD yet"
|
||||||
fi
|
fi
|
||||||
@ -4009,7 +4009,7 @@ check_CVE_2017_5715_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then
|
if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then
|
||||||
pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
|
pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
|
||||||
@ -4188,7 +4188,7 @@ check_CVE_2017_5715_bsd()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ "$retpoline" = 1 ]; then
|
elif [ "$retpoline" = 1 ]; then
|
||||||
pvulnstatus $cve OK "Retpoline mitigates the vulnerability"
|
pvulnstatus $cve OK "Retpoline mitigates the vulnerability"
|
||||||
elif [ "$ibrs_active" = 1 ]; then
|
elif [ "$ibrs_active" = 1 ]; then
|
||||||
@ -4393,7 +4393,7 @@ check_CVE_2017_5754_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ -z "$msg" ]; then
|
elif [ -z "$msg" ]; then
|
||||||
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
||||||
if [ "$opt_live" = 1 ]; then
|
if [ "$opt_live" = 1 ]; then
|
||||||
@ -4480,7 +4480,7 @@ check_CVE_2017_5754_bsd()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ "$kpti_enabled" = 1 ]; then
|
elif [ "$kpti_enabled" = 1 ]; then
|
||||||
pvulnstatus $cve OK "PTI mitigates the vulnerability"
|
pvulnstatus $cve OK "PTI mitigates the vulnerability"
|
||||||
elif [ -n "$kpti_enabled" ]; then
|
elif [ -n "$kpti_enabled" ]; then
|
||||||
@ -4514,7 +4514,7 @@ check_CVE_2018_3640()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ -n "$cpuid_ssbd" ]; then
|
elif [ -n "$cpuid_ssbd" ]; then
|
||||||
pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
|
pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
|
||||||
else
|
else
|
||||||
@ -4634,7 +4634,7 @@ check_CVE_2018_3639_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ -z "$msg" ] || [ "$msg" = "Vulnerable" ]; then
|
elif [ -z "$msg" ] || [ "$msg" = "Vulnerable" ]; then
|
||||||
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
||||||
if [ -n "$cpuid_ssbd" ]; then
|
if [ -n "$cpuid_ssbd" ]; then
|
||||||
@ -4696,7 +4696,7 @@ check_CVE_2018_3639_bsd()
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
if [ "$ssb_active" = 1 ]; then
|
if [ "$ssb_active" = 1 ]; then
|
||||||
pvulnstatus $cve OK "SSBD mitigates the vulnerability"
|
pvulnstatus $cve OK "SSBD mitigates the vulnerability"
|
||||||
@ -4745,7 +4745,7 @@ check_CVE_2018_3615()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ "$cpu_flush_cmd" = 1 ] || { [ "$msr_locked_down" = 1 ] && [ "$cpuid_l1df" = 1 ]; } ; then
|
elif [ "$cpu_flush_cmd" = 1 ] || { [ "$msr_locked_down" = 1 ] && [ "$cpuid_l1df" = 1 ]; } ; then
|
||||||
pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
|
pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
|
||||||
else
|
else
|
||||||
@ -4820,7 +4820,7 @@ check_CVE_2018_3620_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ -z "$msg" ]; then
|
elif [ -z "$msg" ]; then
|
||||||
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
||||||
if [ "$pteinv_supported" = 1 ]; then
|
if [ "$pteinv_supported" = 1 ]; then
|
||||||
@ -4859,7 +4859,7 @@ check_CVE_2018_3620_bsd()
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
if [ "$bsd_zero_reserved" = 1 ]; then
|
if [ "$bsd_zero_reserved" = 1 ]; then
|
||||||
pvulnstatus $cve OK "kernel mitigates the vulnerability"
|
pvulnstatus $cve OK "kernel mitigates the vulnerability"
|
||||||
@ -5015,10 +5015,10 @@ check_CVE_2018_3646_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ "$fullmsg" = "Not affected" ]; then
|
elif [ "$fullmsg" = "Not affected" ]; then
|
||||||
# just in case a very recent kernel knows better than we do
|
# just in case a very recent kernel knows better than we do
|
||||||
pvulnstatus $cve OK "your kernel reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your kernel reported your CPU model as not affected"
|
||||||
elif [ "$has_vmm" = 0 ]; then
|
elif [ "$has_vmm" = 0 ]; then
|
||||||
pvulnstatus $cve OK "this system is not running a hypervisor"
|
pvulnstatus $cve OK "this system is not running a hypervisor"
|
||||||
else
|
else
|
||||||
@ -5077,7 +5077,7 @@ check_CVE_2018_3646_bsd()
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
if [ "$kernel_l1d_enabled" = 1 ]; then
|
if [ "$kernel_l1d_enabled" = 1 ]; then
|
||||||
pvulnstatus $cve OK "L1D flushing mitigates the vulnerability"
|
pvulnstatus $cve OK "L1D flushing mitigates the vulnerability"
|
||||||
@ -5205,7 +5205,7 @@ check_mds_bsd()
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
if [ "$cpuid_md_clear" = 1 ]; then
|
if [ "$cpuid_md_clear" = 1 ]; then
|
||||||
if [ "$kernel_md_clear" = 1 ]; then
|
if [ "$kernel_md_clear" = 1 ]; then
|
||||||
@ -5299,7 +5299,7 @@ check_mds_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
if [ "$opt_sysfs_only" != 1 ]; then
|
if [ "$opt_sysfs_only" != 1 ]; then
|
||||||
# compute mystatus and mymsg from our own logic
|
# compute mystatus and mymsg from our own logic
|
||||||
@ -5423,7 +5423,7 @@ check_CVE_2019_11135_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve" ; then
|
if ! is_cpu_vulnerable "$cve" ; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ -z "$msg" ]; then
|
elif [ -z "$msg" ]; then
|
||||||
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
||||||
if [ "$opt_live" = 1 ]; then
|
if [ "$opt_live" = 1 ]; then
|
||||||
@ -5518,7 +5518,7 @@ check_CVE_2018_12207_linux()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve" ; then
|
if ! is_cpu_vulnerable "$cve" ; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ "$has_vmm" = 0 ]; then
|
elif [ "$has_vmm" = 0 ]; then
|
||||||
pvulnstatus "$cve" OK "this system is not running a hypervisor"
|
pvulnstatus "$cve" OK "this system is not running a hypervisor"
|
||||||
elif [ -z "$msg" ]; then
|
elif [ -z "$msg" ]; then
|
||||||
@ -5557,7 +5557,7 @@ check_CVE_2018_12207_bsd()
|
|||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
|
||||||
elif [ -z "$kernel_2m_x_ept" ]; then
|
elif [ -z "$kernel_2m_x_ept" ]; then
|
||||||
pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it"
|
pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it"
|
||||||
elif [ "$kernel_2m_x_ept" != 0 ]; then
|
elif [ "$kernel_2m_x_ept" != 0 ]; then
|
||||||
@ -5628,7 +5628,7 @@ check_CVE_2020_0543_linux()
|
|||||||
fi
|
fi
|
||||||
if ! is_cpu_vulnerable "$cve" ; then
|
if ! is_cpu_vulnerable "$cve" ; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
||||||
else
|
else
|
||||||
if [ "$opt_sysfs_only" != 1 ]; then
|
if [ "$opt_sysfs_only" != 1 ]; then
|
||||||
if [ "$cpuid_srbds" = 1 ]; then
|
if [ "$cpuid_srbds" = 1 ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user