<div dir="ltr"><div style="font-size:12.8px">Dear team </div><div style="font-size:12.8px">    My Guest os (CentOS 6.5 ,kernel version 2.6.32-696.18.7.el6.x86_64) is running in ESXI server (VMware ESXi 5.5.0 build-6480324, </div><div style="font-size:12.8px"><span style="white-space:pre-wrap">  </span>patch ESXi550-201709001.zip was applied ) . </div><div style="font-size:12.8px">    I installed all the packages mention in <a href="https://lists.centos.org/pipermail/centos-announce/2018-January/" target="_blank">https://lists.centos.org/<wbr>pipermail/centos-announce/<wbr>2018-January/</a></div><div style="font-size:12.8px">    The list of installed packages are -></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">   </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>kernel-debug-devel-2.6.32-696.<wbr>18.7.el6.i686</div><div style="font-size:12.8px">    kernel-2.6.32-696.18.7.el6.<wbr>x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">    </span>kernel-doc-2.6.32-696.18.7.<wbr>el6.noarch</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>kernel-debug-2.6.32-696.18.7.<wbr>el6.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">    </span>kernel-devel-2.6.32-696.18.7.<wbr>el6.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">    </span>kernel-debug-devel-2.6.32-696.<wbr>18.7.el6.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>libreport-plugin-kerneloops-2.<wbr>0.9-19.el6.centos.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">     </span>abrt-addon-kerneloops-2.0.8-<wbr>21.el6.centos.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">   </span>dracut-kernel-004-409.el6_8.2.<wbr>noarch</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">       </span>kernel-headers-2.6.32-696.18.<wbr>7.el6.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">  </span>kernel-firmware-2.6.32-696.18.<wbr>7.el6.noarch</div><div style="font-size:12.8px"><span style="white-space:pre-wrap"> </span>kernel-abi-whitelists-2.6.32-<wbr>696.18.7.el6.noarch</div><div style="font-size:12.8px">    dracut-004-409.el6_8.2.noarch</div><div style="font-size:12.8px">    dracut-kernel-004-409.el6_8.2.<wbr>noarch<span style="white-space:pre-wrap"> </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>elfutils-libs-0.164-2.el6.x86_<wbr>64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">   </span>elfutils-0.164-2.el6.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">   </span>elfutils-libelf-devel-0.164-2.<wbr>el6.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">   </span>elfutils-libelf-0.164-2.el6.<wbr>x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap"> </span>elfutils-devel-0.164-2.el6.<wbr>x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">  </span>microcode_ctl-1.17-25.2.el6_9.<wbr>x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">       </span>python-perf-2.6.32-696.18.7.<wbr>el6.x86_64</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">     </span>perf-2.6.32-696.18.7.el6.x86_<wbr>64    <span style="white-space:pre-wrap">       </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span><b><font color="#ff0000">But /sys/kernel/debug/x86/ibrs_<wbr>enabled is still set to 0 and if I execute "echo 2 > /sys/kernel/debug/x86/ibrs_<wbr>enabled"</font></b></div><div style="font-size:12.8px"><b><font color="#ff0000"><span style="white-space:pre-wrap">       </span>then we are getting the error "bash: echo: write error: No such device" .</font></b></div><div style="font-size:12.8px"><b><font color="#ff0000"><span style="white-space:pre-wrap">     </span>The content of /sys/kernel/debug/x86/ibpb_<wbr>enabled is also 0  and echo 1 > /sys/kernel/debug/x86/ibpb_<wbr>enabled  throws the</font></b></div><div style="font-size:12.8px"><b><font color="#ff0000"><span style="white-space:pre-wrap">     </span>error "bash: echo: write error: No such device" .</font></b></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">    </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>I used a tool <a href="https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh" target="_blank">https://raw.githubusercontent.<wbr>com/speed47/spectre-meltdown-<wbr>checker/master/spectre-<wbr>meltdown-checker.sh</a> to </div><div style="font-size:12.8px"><span style="white-space:pre-wrap">       </span>detect if meltdown and spectre got fixed . Spectre Variant 1 and Meltdown got fixed but not Variant 2 .</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">       </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>"CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'</div><div style="font-size:12.8px"><span style="white-space:pre-wrap"> </span>* Mitigation 1</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">        </span>*   Hardware (CPU microcode) support for mitigation:  YES</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">  </span>*   Kernel support for IBRS:  YES</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">  </span>*   IBRS enabled for Kernel space:  NO</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">     </span>*   IBRS enabled for User space:  NO</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">       </span>* Mitigation 2</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">        </span>*   Kernel compiled with retpoline option:  NO</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">     </span>*   Kernel compiled with a retpoline-aware compiler:  NO</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">   </span>> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)"</div><div style="font-size:12.8px"><span style="white-space:pre-wrap">  </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>Thanks in advance </div><div style="font-size:12.8px"><span style="white-space:pre-wrap">   </span></div><div style="font-size:12.8px"><span style="white-space:pre-wrap">      </span>Thanks and regards</div><div style="font-size:12.8px">       AKSHAR</div></div>