> Dear team > My Guest os (CentOS 6.5 ,kernel version 2.6.32-696.18.7.el6.x86_64) is > running in ESXI server (VMware ESXi 5.5.0 build-6480324, > patch ESXi550-201709001.zip was applied ) . > I installed all the packages mention in https://lists.centos.org/ ... > I used a tool https://raw.githubusercontent.com/speed47/spectre-meltdown- > checker/master/spectre-meltdown-checker.sh to > detect if meltdown and spectre got fixed . Spectre Variant 1 and Meltdown > got fixed but not Variant 2 . > "CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' > * Mitigation 1 > * Hardware (CPU microcode) support for mitigation: YES > * Kernel support for IBRS: YES > * IBRS enabled for Kernel space: NO > * IBRS enabled for User space: NO > * Mitigation 2 > * Kernel compiled with retpoline option: NO > * Kernel compiled with a retpoline-aware compiler: NO >> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with > retpoline are needed to mitigate the vulnerability)" Hi, I think it's because you're running it as a guest so the fixes are not needed, they are needed on the virtual host then. Running an updated CentOS 7 KVM guest on a CentOS 6 host, I see all three options set to 0. Regards, Simon