mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2025-01-05 10:59:07 +01:00
Compare commits
2 Commits
3d21dae168
...
3beefc2587
Author | SHA1 | Date | |
---|---|---|---|
|
3beefc2587 | ||
|
27c36fdb80 |
@ -3682,16 +3682,25 @@ check_CVE_2017_5715_linux()
|
||||
|
||||
if is_vulnerable_to_empty_rsb || [ "$opt_verbose" -ge 2 ]; then
|
||||
_info_nol " * Kernel supports RSB filling: "
|
||||
if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then
|
||||
pstatus yellow UNKNOWN "missing '${opt_arch_prefix}strings' tool, please install it, usually it's in the binutils package"
|
||||
elif [ -n "$kernel_err" ]; then
|
||||
pstatus yellow UNKNOWN "couldn't check ($kernel_err)"
|
||||
else
|
||||
rsb_filling=$("${opt_arch_prefix}strings" "$kernel" | grep -w 'Filling RSB on context switch')
|
||||
if [ -n "$rsb_filling" ]; then
|
||||
rsb_filling=0
|
||||
if [ "$opt_live" = 1 ] && [ "$opt_no_sysfs" != 1 ]; then
|
||||
# if we're live and we aren't denied looking into /sys, let's do it
|
||||
if echo "$msg" | grep -qw RSB; then
|
||||
rsb_filling=1
|
||||
pstatus green YES
|
||||
fi
|
||||
fi
|
||||
if [ "$rsb_filling" = 0 ]; then
|
||||
if [ -n "$kernel_err" ]; then
|
||||
pstatus yellow UNKNOWN "couldn't check ($kernel_err)"
|
||||
else
|
||||
pstatus yellow NO
|
||||
if grep -qw -e 'Filling RSB on context switch' "$kernel"; then
|
||||
rsb_filling=1
|
||||
pstatus green YES
|
||||
else
|
||||
rsb_filling=0
|
||||
pstatus yellow NO
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
@ -3706,9 +3715,9 @@ check_CVE_2017_5715_linux()
|
||||
# override status & msg in case CPU is not vulnerable after all
|
||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
||||
else
|
||||
if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ -n "$rsb_filling" ] ); then
|
||||
if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then
|
||||
pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
|
||||
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ "$opt_paranoid" = 0 ] && ( ! is_vulnerable_to_empty_rsb || [ -n "$rsb_filling" ] ); then
|
||||
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ "$opt_paranoid" = 0 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then
|
||||
pvulnstatus $cve OK "Full retpoline is mitigating the vulnerability"
|
||||
if [ -n "$cpuid_ibpb" ]; then
|
||||
_warn "You should enable IBPB to complete retpoline as a Variant 2 mitigation"
|
||||
@ -5295,7 +5304,7 @@ exit 0 # ok
|
||||
# The builtin version follows, but the user can download an up-to-date copy (to be stored in his $HOME) by using --update-fwdb
|
||||
# To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb
|
||||
|
||||
# %%% MCEDB v132.20200108+i20191124
|
||||
# %%% MCEDB v135.20200303+i20200205
|
||||
# I,0x00000611,0x00000B27,19961218
|
||||
# I,0x00000612,0x000000C6,19961210
|
||||
# I,0x00000616,0x000000C6,19961210
|
||||
@ -5486,11 +5495,11 @@ exit 0 # ok
|
||||
# I,0x000306C0,0xFFFF0013,20111110
|
||||
# I,0x000306C1,0xFFFF0014,20120725
|
||||
# I,0x000306C2,0xFFFF0006,20121017
|
||||
# I,0x000306C3,0x00000027,20190226
|
||||
# I,0x000306C3,0x00000028,20191112
|
||||
# I,0x000306D1,0xFFFF0009,20131015
|
||||
# I,0x000306D2,0xFFFF0009,20131219
|
||||
# I,0x000306D3,0xE3121338,20140825
|
||||
# I,0x000306D4,0x0000002E,20190613
|
||||
# I,0x000306D4,0x0000002F,20191112
|
||||
# I,0x000306E0,0x00000008,20120726
|
||||
# I,0x000306E2,0x0000020D,20130321
|
||||
# I,0x000306E3,0x00000308,20130321
|
||||
@ -5503,11 +5512,11 @@ exit 0 # ok
|
||||
# I,0x000306F3,0x0000000D,20160211
|
||||
# I,0x000306F4,0x00000016,20190617
|
||||
# I,0x00040650,0xFFFF000B,20121206
|
||||
# I,0x00040651,0x00000025,20190226
|
||||
# I,0x00040651,0x00000026,20191112
|
||||
# I,0x00040660,0xFFFF0011,20121012
|
||||
# I,0x00040661,0x0000001B,20190226
|
||||
# I,0x00040661,0x0000001C,20191112
|
||||
# I,0x00040670,0xFFFF0006,20140304
|
||||
# I,0x00040671,0x00000021,20190613
|
||||
# I,0x00040671,0x00000022,20191112
|
||||
# I,0x000406A0,0x80124001,20130521
|
||||
# I,0x000406A8,0x0000081F,20140812
|
||||
# I,0x000406A9,0x0000081F,20140812
|
||||
@ -5519,18 +5528,18 @@ exit 0 # ok
|
||||
# I,0x000406D8,0x0000012D,20190916
|
||||
# I,0x000406E1,0x00000020,20141111
|
||||
# I,0x000406E2,0x0000002C,20150521
|
||||
# I,0x000406E3,0x000000D6,20191003
|
||||
# I,0x000406E3,0x800000DA,20200109
|
||||
# I,0x000406E8,0x00000026,20160414
|
||||
# I,0x000406F0,0x00000014,20150702
|
||||
# I,0x000406F1,0x0B000038,20190618
|
||||
# I,0x00050650,0x8000002B,20160208
|
||||
# I,0x00050651,0x8000002B,20160208
|
||||
# I,0x00050652,0x80000037,20170502
|
||||
# I,0x00050653,0x01000151,20190909
|
||||
# I,0x00050654,0x02000065,20190905
|
||||
# I,0x00050653,0x01000154,20191220
|
||||
# I,0x00050654,0x02000069,20191220
|
||||
# I,0x00050655,0x03000012,20190412
|
||||
# I,0x00050656,0x0400002C,20190905
|
||||
# I,0x00050657,0x0500012C,20191124
|
||||
# I,0x00050656,0x04002F00,20200114
|
||||
# I,0x00050657,0x05002F00,20200114
|
||||
# I,0x00050661,0xF1000008,20150130
|
||||
# I,0x00050662,0x0000001C,20190617
|
||||
# I,0x00050663,0x07000019,20190617
|
||||
@ -5542,12 +5551,12 @@ exit 0 # ok
|
||||
# I,0x000506C2,0x00000014,20180511
|
||||
# I,0x000506C8,0x90011010,20160323
|
||||
# I,0x000506C9,0x0000003C,20190722
|
||||
# I,0x000506CA,0x0000001A,20190722
|
||||
# I,0x000506CA,0x0000001C,20190812
|
||||
# I,0x000506D1,0x00000102,20150605
|
||||
# I,0x000506E0,0x00000018,20141119
|
||||
# I,0x000506E1,0x0000002A,20150602
|
||||
# I,0x000506E2,0x0000002E,20150815
|
||||
# I,0x000506E3,0x000000D6,20191003
|
||||
# I,0x000506E3,0x000000DA,20200109
|
||||
# I,0x000506E8,0x00000034,20160710
|
||||
# I,0x000506F0,0x00000010,20160607
|
||||
# I,0x000506F1,0x0000002E,20190321
|
||||
@ -5563,21 +5572,23 @@ exit 0 # ok
|
||||
# I,0x000706E1,0x00000042,20190420
|
||||
# I,0x000706E2,0x00000042,20190420
|
||||
# I,0x000706E4,0x00000042,20190814
|
||||
# I,0x000706E5,0x00000056,20191105
|
||||
# I,0x000706E5,0x00000066,20200109
|
||||
# I,0x00080650,0x00000018,20180108
|
||||
# I,0x000806C0,0x00000034,20190913
|
||||
# I,0x000806E9,0x000000CA,20191015
|
||||
# I,0x000806EA,0x000000CA,20191003
|
||||
# I,0x000806EB,0x000000CA,20191003
|
||||
# I,0x000806EC,0x000000CA,20191003
|
||||
# I,0x000906E9,0x000000CA,20191003
|
||||
# I,0x000906EA,0x000000CA,20191003
|
||||
# I,0x000906EB,0x000000CA,20191003
|
||||
# I,0x000906EC,0x000000CA,20191003
|
||||
# I,0x000906ED,0x000000CA,20191003
|
||||
# I,0x000806E9,0x000000D2,20200109
|
||||
# I,0x000806EA,0x000000D2,20200109
|
||||
# I,0x000806EB,0x000000D2,20200109
|
||||
# I,0x000806EC,0x000000D2,20200110
|
||||
# I,0x000906E9,0x000000D2,20200109
|
||||
# I,0x000906EA,0x000000D2,20200109
|
||||
# I,0x000906EB,0x000000D2,20200109
|
||||
# I,0x000906EC,0x000000D2,20200109
|
||||
# I,0x000906ED,0x000000D2,20200109
|
||||
# I,0x000A0650,0x000000BE,20191010
|
||||
# I,0x000A0651,0x000000C2,20191113
|
||||
# I,0x000A0654,0x000000C2,20191113
|
||||
# I,0x000A0653,0x000000CA,20191126
|
||||
# I,0x000A0654,0x000000C6,20200123
|
||||
# I,0x000A0655,0x000000C8,20200205
|
||||
# I,0x000A0660,0x000000CA,20191003
|
||||
# A,0x00000F00,0x02000008,20070614
|
||||
# A,0x00000F01,0x0000001C,20021031
|
||||
@ -5657,7 +5668,7 @@ exit 0 # ok
|
||||
# A,0x00820F00,0x08200002,20180214
|
||||
# A,0x00820F01,0x08200103,20190417
|
||||
# A,0x00830F00,0x08300027,20190401
|
||||
# A,0x00830F10,0x08301025,20190711
|
||||
# A,0x00830F10,0x08301034,20191024
|
||||
# A,0x00860F00,0x0860000D,20190916
|
||||
# A,0x00860F01,0x08600102,20191117
|
||||
# A,0x00870F00,0x08700004,20181206
|
||||
|
Loading…
Reference in New Issue
Block a user