[CentOS-devel] [Centos6.5][Spectre]variant 2 not getting fixed
Simon Matter
simon.matter at invoca.ch
Thu Jan 11 07:13:10 UTC 2018
> Dear team
> My guest OS (CentOS 6.5, kernel version 2.6.32-696.18.7.el6.x86_64) is
> running in an ESXi server (VMware ESXi 5.5.0 build-6480324,
> patch ESXi550-201709001.zip was applied).
> I installed all the packages mentioned in https://lists.centos.org/
...
> I used a tool
> https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
> to detect if Meltdown and Spectre got fixed. Spectre Variant 1 and Meltdown
> got fixed but not Variant 2.
> "CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigation 1
> * Hardware (CPU microcode) support for mitigation: YES
> * Kernel support for IBRS: YES
> * IBRS enabled for Kernel space: NO
> * IBRS enabled for User space: NO
> * Mitigation 2
> * Kernel compiled with retpoline option: NO
> * Kernel compiled with a retpoline-aware compiler: NO
>> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with
> retpoline are needed to mitigate the vulnerability)"
Hi,
I think it's because you're running it as a guest so the fixes are not
needed, they are needed on the virtual host then.
Running an updated CentOS 7 KVM guest on a CentOS 6 host, I see all three
options set to 0.
Regards,
Simon
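
The "IBRS enabled" lines in the checker output and the "three options" in the reply can be read directly from the kernel. The script below is an added example, not part of either message: it assumes the three options are the Red Hat debugfs tunables `pti_enabled`, `ibrs_enabled` and `ibpb_enabled` under `/sys/kernel/debug/x86` (the thread does not name them), and the function names are hypothetical.

```shell
#!/bin/sh
# Report the Spectre/Meltdown runtime tunables of a Red Hat style kernel.
# Assumption: the tunables are the debugfs files pti_enabled, ibrs_enabled
# and ibpb_enabled under /sys/kernel/debug/x86 (not named in the thread).
# On CentOS 6 debugfs may need mounting first:
#   mount -t debugfs nodev /sys/kernel/debug

# read_tunable DIR NAME -> prints the value, or "unknown" if unreadable
read_tunable() {
    if [ -r "$1/$2" ]; then
        tr -d '[:space:]' < "$1/$2"
    else
        echo unknown
    fi
}

# ibrs_scope VALUE -> maps ibrs_enabled onto the checker's two IBRS lines
# (1 = kernel space only, 2 = kernel and user space)
ibrs_scope() {
    case "$1" in
        0) echo "kernel=NO user=NO" ;;
        1) echo "kernel=YES user=NO" ;;
        2) echo "kernel=YES user=YES" ;;
        *) echo "kernel=UNKNOWN user=UNKNOWN" ;;
    esac
}

# mitigation_report [DIR] -> one line per tunable; returns 1 if any tunable
# is unreadable (debugfs not mounted, not root, or kernel without the patch)
mitigation_report() {
    dir=${1:-/sys/kernel/debug/x86}
    rc=0
    for name in pti_enabled ibrs_enabled ibpb_enabled; do
        val=$(read_tunable "$dir" "$name")
        if [ "$val" = unknown ]; then rc=1; fi
        if [ "$name" = ibrs_enabled ]; then
            echo "$name=$val ($(ibrs_scope "$val"))"
        else
            echo "$name=$val"
        fi
    done
    return $rc
}

# Query the live system only when asked to: sh script.sh --live (as root)
if [ "${1:-}" = "--live" ]; then mitigation_report; fi
```

A non-zero return with `unknown` values means the tunables could not be read, which is different from a tunable that reads `0`.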