On 12 May 2014 22:15, "Keith Keller" <kkeller at wombat.san-francisco.ca.us> wrote: > Actually, I was wondering about mitigation along the lines of > blacklisting a module, tuning a sysctl parameter, or some other > mitigation that wouldn't require a new kernel. Perhaps such mitigation > isn't even possible with this issue. > Yeah I've not seen any mitigations that would work for CentOS. I wonder if a systemtap module would be feasible like that one a few months or so ago. For the time being I guess that doubly vigilant is important.