Dear team My Guest os (CentOS 6.5 ,kernel version 2.6.32-696.18.7.el6.x86_64) is running in ESXI server (VMware ESXi 5.5.0 build-6480324, patch ESXi550-201709001.zip was applied ) . I installed all the packages mention in https://lists.centos.org/
...
I used a tool https://raw.githubusercontent.com/speed47/spectre-meltdown- checker/master/spectre-meltdown-checker.sh to detect if meltdown and spectre got fixed . Spectre Variant 1 and Meltdown got fixed but not Variant 2 . "CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
- Mitigation 1
- Hardware (CPU microcode) support for mitigation: YES
- Kernel support for IBRS: YES
- IBRS enabled for Kernel space: NO
- IBRS enabled for User space: NO
- Mitigation 2
- Kernel compiled with retpoline option: NO
- Kernel compiled with a retpoline-aware compiler: NO
STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with
retpoline are needed to mitigate the vulnerability)"
Hi,
I think it's because you're running it as a guest so the fixes are not needed, they are needed on the virtual host then.
Running an updated CentOS 7 KVM guest on a CentOS 6 host, I see all three options set to 0.
Regards, Simon