From b7596325cd60616bc58de97eb107c6ae14a4adb8 Mon Sep 17 00:00:00 2001
From: Michal Hocko
Date: Apr 05 2024 12:48:20 +0000
Subject: scripts/check-kernel-fix: implement -s CVSS option
---
diff --git a/scripts/check-kernel-fix b/scripts/check-kernel-fix
index 248679d..6429f27 100755
--- a/scripts/check-kernel-fix
+++ b/scripts/check-kernel-fix
@@ -46,6 +46,8 @@ usage()
 echo " (git pull VULNS_GIT, cve, bsc medata)"
 echo " -f: flat mode. Do not filter output based on cvss scoring or common"
 echo " ancestors."
+ echo " -s CVSS: override the CVSS score if known. This can be useful when"
+ echo " the CVE->CVSS DB is not synced yet."
 }
 branch=
@@ -321,7 +323,7 @@ verbose_mode=
 quiet_mode=
 flat_mode=0
-while getopts "hvrqf" OPT
+while getopts "hvrqfs:" OPT
 do
 case $OPT in
 h)
@@ -339,6 +341,9 @@ do
 ;;
 f)
 flat_mode=1
+ ;;
+ s)
+ cvss=$OPTARG
 esac
 done
@@ -369,13 +374,13 @@ bsc=
 if [ -n "$cve" ]
 then
 bsc=$(cve2bugzilla $cve $refresh)
- cvss=$(cve2cvss $cve $refresh)
+ [ -z "$cvss" ] && cvss=$(cve2cvss $cve $refresh)
 echo "Security fix for $cve $bsc with CVSS ${cvss:-unknown (assuming high impact), re-check later with -r}"
 else
 # emulate no CVE fix as CVSS==0. This will typically happen
 # for upstream commit with Fixes: which we want to target to
 # less conservative branches only
- cvss=0
+ [ -z "$cvss" ] && ccvss=0
 fi
 references="$cve $bsc"
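Review bot: The new `s)` arm in the `-339,6 +341,9` hunk stores `$OPTARG` in `cvss` unchecked, so a mistyped value such as `-s high` is carried into the score-based filtering as if it were a real score. A guard in that arm would reject anything that is not a number, for example `case $OPTARG in ''|*[!0-9.]*) echo "invalid CVSS score: $OPTARG" >&2; exit 1 ;; esac`. None of the visible hunks adds a `cvss=` initialisation next to `flat_mode=0`; unless one exists outside the hunks, a `cvss` variable inherited from the environment would silently act as an override now that the later assignments are conditional on `[ -z "$cvss" ]`. The `while`/`case` construct starts in the previous hunk and its other arms are not visible here.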
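Review bot: In the `-369,13 +374,13` hunk the else branch assigns `ccvss=0`, a typo for `cvss`, so a commit without a CVE and without `-s` now leaves `cvss` empty instead of 0. That contradicts the comment just above it ("emulate no CVE fix as CVSS==0"). Whatever reads `cvss` later, outside the hunk, will presumably treat the empty value as unknown, which the echo in the CVE branch describes as "assuming high impact", so plain upstream Fixes: commits may be targeted at more conservative branches than intended. The line should read `[ -z "$cvss" ] && cvss=0`. If the script runs under `set -e` (not visible here), `: "${cvss:=0}"` avoids the failing-test exit status of the `&&` form.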