feat: bsd: for unimplemented CVEs, at least report when CPU is not affected

2024-12-22 04:13:38 +01:00 · 2022-03-20 13:17:04 +01:00 · 2022-03-20 13:17:04 +01:00 · b5237e663f
commit b5237e663f
parent 8a30f72afe
1 changed files with 24 additions and 2 deletions
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@ -5369,8 +5369,8 @@ check_CVE_2019_11135()
 	_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
 	if [ "$os" = Linux ]; then
 		check_CVE_2019_11135_linux
-	#elif echo "$os" | grep -q BSD; then
-	#	check_CVE_2019_11135_bsd
+	elif echo "$os" | grep -q BSD; then
+		check_CVE_2019_11135_bsd
 	else
 		_warn "Unsupported OS ($os)"
 	fi
@ -5452,6 +5452,16 @@ check_CVE_2019_11135_linux()
 	fi
 }

+check_CVE_2019_11135_bsd()
+{
+	if ! is_cpu_affected "$cve" ; then
+		# override status & msg in case CPU is not vulnerable after all
+		pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+	else
+		pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+	fi
+}
+
 #######################
 # iTLB Multihit section

@ -5578,6 +5588,8 @@ check_CVE_2020_0543()
 	_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
 	if [ "$os" = Linux ]; then
 		check_CVE_2020_0543_linux
+	elif echo "$os" | grep -q BSD; then
+		check_CVE_2020_0543_bsd
 	else
 		_warn "Unsupported OS ($os)"
 	fi
@ -5678,6 +5690,16 @@ check_CVE_2020_0543_linux()
 	fi
 }

+check_CVE_2020_0543_bsd()
+{
+	if ! is_cpu_affected "$cve"; then
+		# override status & msg in case CPU is not vulnerable after all
+		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
+	else
+		pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+	fi
+}
+
 #######################
 # END OF VULNS SECTIONS