mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-10-14 20:11:37 +02:00
Add support for SRBDS Update (CVE-2022-21127)
This commit is contained in:
parent
b68ebe67f2
commit
7a7b05db59
6
.github/workflows/check.yml
vendored
6
.github/workflows/check.yml
vendored
@ -24,7 +24,7 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
- name: check direct execution
|
- name: check direct execution
|
||||||
run: |
|
run: |
|
||||||
expected=15
|
expected=16
|
||||||
nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
|
nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
|
||||||
if [ "$nb" -ne "$expected" ]; then
|
if [ "$nb" -ne "$expected" ]; then
|
||||||
echo "Invalid number of CVEs reported: $nb instead of $expected"
|
echo "Invalid number of CVEs reported: $nb instead of $expected"
|
||||||
@ -34,7 +34,7 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
- name: check docker-compose run execution
|
- name: check docker-compose run execution
|
||||||
run: |
|
run: |
|
||||||
expected=15
|
expected=16
|
||||||
docker-compose build
|
docker-compose build
|
||||||
nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
|
nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
|
||||||
if [ "$nb" -ne "$expected" ]; then
|
if [ "$nb" -ne "$expected" ]; then
|
||||||
@ -45,7 +45,7 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
- name: check docker run execution
|
- name: check docker run execution
|
||||||
run: |
|
run: |
|
||||||
expected=15
|
expected=16
|
||||||
docker build -t spectre-meltdown-checker .
|
docker build -t spectre-meltdown-checker .
|
||||||
nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
|
nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
|
||||||
if [ "$nb" -ne "$expected" ]; then
|
if [ "$nb" -ne "$expected" ]; then
|
||||||
|
@ -175,6 +175,8 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
|
|||||||
|
|
||||||
**CVE-2020-0543** Special Register Buffer Data Sampling (SRBDS)
|
**CVE-2020-0543** Special Register Buffer Data Sampling (SRBDS)
|
||||||
|
|
||||||
|
**CVE-2022-21127** Special Register Buffer Data Sampling (SRBDS) Update
|
||||||
|
|
||||||
- Impact: Kernel
|
- Impact: Kernel
|
||||||
- Mitigation: microcode update + kernel update helping to protect various CPU internal buffers from unprivileged speculative access to data
|
- Mitigation: microcode update + kernel update helping to protect various CPU internal buffers from unprivileged speculative access to data
|
||||||
- Performance impact of the mitigation: low
|
- Performance impact of the mitigation: low
|
||||||
|
@ -168,7 +168,7 @@ global_critical=0
|
|||||||
global_unknown=0
|
global_unknown=0
|
||||||
nrpe_vuln=''
|
nrpe_vuln=''
|
||||||
|
|
||||||
supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543'
|
supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543 CVE-2022-21127'
|
||||||
|
|
||||||
# find a sane command to print colored messages, we prefer `printf` over `echo`
|
# find a sane command to print colored messages, we prefer `printf` over `echo`
|
||||||
# because `printf` behavior is more standard across Linux/BSD
|
# because `printf` behavior is more standard across Linux/BSD
|
||||||
@ -293,6 +293,7 @@ cve2name()
|
|||||||
CVE-2019-11135) echo "ZombieLoad V2, TSX Asynchronous Abort (TAA)";;
|
CVE-2019-11135) echo "ZombieLoad V2, TSX Asynchronous Abort (TAA)";;
|
||||||
CVE-2018-12207) echo "No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)";;
|
CVE-2018-12207) echo "No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)";;
|
||||||
CVE-2020-0543) echo "Special Register Buffer Data Sampling (SRBDS)";;
|
CVE-2020-0543) echo "Special Register Buffer Data Sampling (SRBDS)";;
|
||||||
|
CVE-2022-21127) echo "Special Register Buffer Data Sampling (SRBDS) Update";;
|
||||||
*) echo "$0: error: invalid CVE '$1' passed to cve2name()" >&2; exit 255;;
|
*) echo "$0: error: invalid CVE '$1' passed to cve2name()" >&2; exit 255;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
@ -317,6 +318,7 @@ _is_cpu_affected_cached()
|
|||||||
CVE-2019-11135) return $variant_taa;;
|
CVE-2019-11135) return $variant_taa;;
|
||||||
CVE-2018-12207) return $variant_itlbmh;;
|
CVE-2018-12207) return $variant_itlbmh;;
|
||||||
CVE-2020-0543) return $variant_srbds;;
|
CVE-2020-0543) return $variant_srbds;;
|
||||||
|
CVE-2022-21127) return $variant_srbds_update;;
|
||||||
*) echo "$0: error: invalid variant '$1' passed to is_cpu_affected()" >&2; exit 255;;
|
*) echo "$0: error: invalid variant '$1' passed to is_cpu_affected()" >&2; exit 255;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
@ -346,6 +348,7 @@ is_cpu_affected()
|
|||||||
variant_taa=''
|
variant_taa=''
|
||||||
variant_itlbmh=''
|
variant_itlbmh=''
|
||||||
variant_srbds=''
|
variant_srbds=''
|
||||||
|
variant_srbds_update=''
|
||||||
|
|
||||||
if is_cpu_mds_free; then
|
if is_cpu_mds_free; then
|
||||||
[ -z "$variant_msbds" ] && variant_msbds=immune
|
[ -z "$variant_msbds" ] && variant_msbds=immune
|
||||||
@ -365,6 +368,11 @@ is_cpu_affected()
|
|||||||
_debug "is_cpu_affected: cpu not affected by Special Register Buffer Data Sampling"
|
_debug "is_cpu_affected: cpu not affected by Special Register Buffer Data Sampling"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if is_cpu_srbds_update_free; then
|
||||||
|
[ -z "$variant_srbds_update" ] && variant_srbds_update=immune
|
||||||
|
_debug "is_cpu_affected: cpu not affected by Special Register Buffer Data Sampling Update"
|
||||||
|
fi
|
||||||
|
|
||||||
if is_cpu_specex_free; then
|
if is_cpu_specex_free; then
|
||||||
variant1=immune
|
variant1=immune
|
||||||
variant2=immune
|
variant2=immune
|
||||||
@ -378,6 +386,7 @@ is_cpu_affected()
|
|||||||
variant_mdsum=immune
|
variant_mdsum=immune
|
||||||
variant_taa=immune
|
variant_taa=immune
|
||||||
variant_srbds=immune
|
variant_srbds=immune
|
||||||
|
variant_srbds_update=immune
|
||||||
elif is_intel; then
|
elif is_intel; then
|
||||||
# Intel
|
# Intel
|
||||||
# https://github.com/crozone/SpectrePoC/issues/1 ^F E5200 => spectre 2 not affected
|
# https://github.com/crozone/SpectrePoC/issues/1 ^F E5200 => spectre 2 not affected
|
||||||
@ -615,10 +624,11 @@ is_cpu_affected()
|
|||||||
[ "$variant_taa" = "immune" ] && variant_taa=1 || variant_taa=0
|
[ "$variant_taa" = "immune" ] && variant_taa=1 || variant_taa=0
|
||||||
[ "$variant_itlbmh" = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0
|
[ "$variant_itlbmh" = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0
|
||||||
[ "$variant_srbds" = "immune" ] && variant_srbds=1 || variant_srbds=0
|
[ "$variant_srbds" = "immune" ] && variant_srbds=1 || variant_srbds=0
|
||||||
|
[ "$variant_srbds_update" = "immune" ] && variant_srbds_update=1 || variant_srbds_update=0
|
||||||
variantl1tf_sgx="$variantl1tf"
|
variantl1tf_sgx="$variantl1tf"
|
||||||
# even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow
|
# even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow
|
||||||
[ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1
|
[ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1
|
||||||
_debug "is_cpu_affected: final results are <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4> <$variantl1tf> <$variantl1tf_sgx>"
|
_debug "is_cpu_affected: final results are <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4> <$variantl1tf> <$variantl1tf_sgx> <$variant_srbds> <$variant_srbds_update>"
|
||||||
is_cpu_affected_cached=1
|
is_cpu_affected_cached=1
|
||||||
_is_cpu_affected_cached "$1"
|
_is_cpu_affected_cached "$1"
|
||||||
return $?
|
return $?
|
||||||
@ -783,6 +793,68 @@ is_cpu_srbds_free()
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
is_cpu_srbds_update_free()
|
||||||
|
{
|
||||||
|
# return zero (0) if the CPU isn't affected by special register buffer data sampling update, one (1) if it is.
|
||||||
|
# If it's not in the list we know, return one (1).
|
||||||
|
# source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c
|
||||||
|
#
|
||||||
|
# A processor is affected by SRBDS Update if its Family_Model and stepping is in the
|
||||||
|
# following list, with the exception of the listed processors
|
||||||
|
# exporting MDS_NO while Intel TSX is available yet not enabled. The
|
||||||
|
# latter class of processors are only affected when Intel TSX is enabled
|
||||||
|
# by software using TSX_CTRL_MSR otherwise they are not affected.
|
||||||
|
#
|
||||||
|
# ============= ============ ========
|
||||||
|
# common name Family_Model Stepping
|
||||||
|
# ============= ============ ========
|
||||||
|
# IvyBridge 06_3AH All (INTEL_FAM6_IVYBRIDGE)
|
||||||
|
#
|
||||||
|
# Haswell 06_3CH All (INTEL_FAM6_HASWELL)
|
||||||
|
# Haswell_L 06_45H All (INTEL_FAM6_HASWELL_L)
|
||||||
|
# Haswell_G 06_46H All (INTEL_FAM6_HASWELL_G)
|
||||||
|
#
|
||||||
|
# Broadwell_G 06_47H All (INTEL_FAM6_BROADWELL_G)
|
||||||
|
# Broadwell 06_3DH All (INTEL_FAM6_BROADWELL)
|
||||||
|
#
|
||||||
|
# Skylake_L 06_4EH All (INTEL_FAM6_SKYLAKE_L)
|
||||||
|
# Skylake 06_5EH All (INTEL_FAM6_SKYLAKE)
|
||||||
|
#
|
||||||
|
# Kabylake_L 06_8EH <=0xC (MDS_NO) (INTEL_FAM6_KABYLAKE_L)
|
||||||
|
#
|
||||||
|
# Kabylake 06_9EH <=0xD (MDS_NO) (INTEL_FAM6_KABYLAKE)
|
||||||
|
#
|
||||||
|
# Tigerlake 06_8CH 1 (INTEL_FAM6_TIGERLAKE_L)
|
||||||
|
# ============= ============ ========
|
||||||
|
parse_cpu_details
|
||||||
|
if is_intel; then
|
||||||
|
if [ "$cpu_family" = 6 ]; then
|
||||||
|
if [ "$cpu_model" = "$INTEL_FAM6_IVYBRIDGE" ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_HASWELL" ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_HASWELL_L" ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_HASWELL_G" ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_BROADWELL_G" ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_BROADWELL" ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_SKYLAKE_L" ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_SKYLAKE" ]; then
|
||||||
|
return 1
|
||||||
|
elif [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE_L" ] && [ "$cpu_stepping" -le 12 ] || \
|
||||||
|
[ "$cpu_model" = "$INTEL_FAM6_KABYLAKE" ] && [ "$cpu_stepping" -le 13 ]; then
|
||||||
|
if [ "$capabilities_mds_no" -eq 1 ] && { [ "$cpuid_rtm" -eq 0 ] || [ "$tsx_ctrl_msr_rtm_disable" -eq 1 ] ;} ; then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
elif [ "$cpu_model" = "$INTEL_FAM6_TIGERLAKE_L" ] && [ "$cpu_stepping" -eq 1 ]; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
is_cpu_ssb_free()
|
is_cpu_ssb_free()
|
||||||
{
|
{
|
||||||
# return true (0) if the CPU isn't affected by speculative store bypass, false (1) if it does.
|
# return true (0) if the CPU isn't affected by speculative store bypass, false (1) if it does.
|
||||||
@ -1145,7 +1217,7 @@ while [ -n "${1:-}" ]; do
|
|||||||
l1tf) opt_cve_list="$opt_cve_list CVE-2018-3615 CVE-2018-3620 CVE-2018-3646"; opt_cve_all=0;;
|
l1tf) opt_cve_list="$opt_cve_list CVE-2018-3615 CVE-2018-3620 CVE-2018-3646"; opt_cve_all=0;;
|
||||||
taa) opt_cve_list="$opt_cve_list CVE-2019-11135"; opt_cve_all=0;;
|
taa) opt_cve_list="$opt_cve_list CVE-2019-11135"; opt_cve_all=0;;
|
||||||
mcepsc) opt_cve_list="$opt_cve_list CVE-2018-12207"; opt_cve_all=0;;
|
mcepsc) opt_cve_list="$opt_cve_list CVE-2018-12207"; opt_cve_all=0;;
|
||||||
srbds) opt_cve_list="$opt_cve_list CVE-2020-0543"; opt_cve_all=0;;
|
srbds) opt_cve_list="$opt_cve_list CVE-2020-0543 CVE-2022-21127"; opt_cve_all=0;;
|
||||||
*)
|
*)
|
||||||
echo "$0: error: invalid parameter '$2' for --variant, expected either 1, 2, 3, 3a, 4, l1tf, msbds, mfbds, mlpds, mdsum, taa, mcepsc or srbds" >&2;
|
echo "$0: error: invalid parameter '$2' for --variant, expected either 1, 2, 3, 3a, 4, l1tf, msbds, mfbds, mlpds, mdsum, taa, mcepsc or srbds" >&2;
|
||||||
exit 255
|
exit 255
|
||||||
@ -1238,6 +1310,7 @@ pvulnstatus()
|
|||||||
CVE-2019-11135) aka="TAA";;
|
CVE-2019-11135) aka="TAA";;
|
||||||
CVE-2018-12207) aka="ITLBMH";;
|
CVE-2018-12207) aka="ITLBMH";;
|
||||||
CVE-2020-0543) aka="SRBDS";;
|
CVE-2020-0543) aka="SRBDS";;
|
||||||
|
CVE-2022-21127) aka="SRBDS Update";;
|
||||||
*) echo "$0: error: invalid CVE '$1' passed to pvulnstatus()" >&2; exit 255;;
|
*) echo "$0: error: invalid CVE '$1' passed to pvulnstatus()" >&2; exit 255;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -5634,15 +5707,29 @@ check_CVE_2020_0543()
|
|||||||
cve='CVE-2020-0543'
|
cve='CVE-2020-0543'
|
||||||
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
|
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
|
||||||
if [ "$os" = Linux ]; then
|
if [ "$os" = Linux ]; then
|
||||||
check_CVE_2020_0543_linux
|
check_CVE_srbds_linux
|
||||||
elif echo "$os" | grep -q BSD; then
|
elif echo "$os" | grep -q BSD; then
|
||||||
check_CVE_2020_0543_bsd
|
check_CVE_srbds_bsd
|
||||||
else
|
else
|
||||||
_warn "Unsupported OS ($os)"
|
_warn "Unsupported OS ($os)"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_CVE_2020_0543_linux()
|
# Special Register Buffer Data Sampling (SRBDS) Update
|
||||||
|
check_CVE_2022_21127()
|
||||||
|
{
|
||||||
|
cve='CVE-2022-21127'
|
||||||
|
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
|
||||||
|
if [ "$os" = Linux ]; then
|
||||||
|
check_CVE_srbds_linux
|
||||||
|
elif echo "$os" | grep -q BSD; then
|
||||||
|
check_CVE_srbds_bsd
|
||||||
|
else
|
||||||
|
_warn "Unsupported OS ($os)"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_CVE_srbds_linux()
|
||||||
{
|
{
|
||||||
status=UNK
|
status=UNK
|
||||||
sys_interface_available=0
|
sys_interface_available=0
|
||||||
@ -5737,7 +5824,7 @@ check_CVE_2020_0543_linux()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_CVE_2020_0543_bsd()
|
check_CVE_srbds_bsd()
|
||||||
{
|
{
|
||||||
if ! is_cpu_affected "$cve"; then
|
if ! is_cpu_affected "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
|
Loading…
Reference in New Issue
Block a user