speed47 / spectre-meltdown-checker

Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD

"Vulnerable" message #356

Closed antoniogi closed 3 years ago

antoniogi commented 4 years ago

The output of the script can be a bit confusing. For example, it will first say something like "Vulnerable to Spectre Variant 1: Yes" (check_cpu_vulnerabilities function) and then say "Status: not vulnerable (mitigated)" after checking the mitigation. Wouldn't it be better to either:

a. Change the first message to "Affected by" instead of "Vulnerable to"?
b. Remove the first output altogether?

speed47 commented 4 years ago

The script has two main sections: the first one is about your hardware (and your hardware only), the second is about how/if your operating system is mitigating the vulnerabilities your hardware has.

The first output you're referring to is the hardware part, and its only job is to tell you whether your hardware has design defects that make it vulnerable to specific attacks. If this is the case, then such attacks may be mitigated by your operating system, or firmware updates, or both, and that's detailed in the second part. So the first part is not a conclusion, it's just plain facts on your hardware. I'm not sure "affected by" would be clearer than "vulnerable to" in this first part, because in both cases, if you have mitigations in place, then you're "protected".

If you're only interested in "am I OK or not right now under my current OS?", then you can just look at the "conclusion" of the script: the summary on the last line.
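
The two questions separated in the reply above (is the hardware affected, and is the running system currently protected) can also be read from the Linux kernel's own status files. This is an added example, not part of the thread or of the project's code; it assumes the kernel's sysfs directory `/sys/devices/system/cpu/vulnerabilities` and its documented `Not affected` / `Vulnerable` / `Mitigation:` prefixes, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from spectre-meltdown-checker): split each kernel status
# string into "is the hardware affected?" and "is this system vulnerable now?".

# classify_status STRING -> prints "<hardware>|<current>"
#   hardware: affected | not-affected | unknown
#   current:  vulnerable | mitigated | not-vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected|not-vulnerable" ;;
        "Mitigation:"*)  echo "affected|mitigated" ;;
        "Vulnerable"*)   echo "affected|vulnerable" ;;
        *)               echo "unknown|unknown" ;;  # e.g. "Unknown: ..." or other prefixes
    esac
}

# report [DIR] -> one line per status file; returns 1 if any entry is
# vulnerable or unknown, 2 if DIR is missing, 0 otherwise.
report() {
    _dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$_dir" ] || { echo "no such directory: $_dir" >&2; return 2; }
    _rc=0
    for _f in "$_dir"/*; do
        [ -f "$_f" ] || continue
        _res=$(classify_status "$(cat "$_f")")
        _hw=${_res%%|*}    # part before the separator
        _cur=${_res##*|}   # part after the separator
        printf '%-24s hardware=%-13s current=%s\n' "$(basename "$_f")" "$_hw" "$_cur"
        case "$_cur" in
            vulnerable|unknown) _rc=1 ;;
        esac
    done
    return "$_rc"
}

# Stand-alone use: sh thisfile.sh report [DIR]
if [ "${1:-}" = "report" ]; then
    shift
    report "$@"
fi
```

An entry with `hardware=affected current=mitigated` is the case from the question: the CPU has the design defect, and the running kernel reports a mitigation for it.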