[CentOS] spectre variant 2
Phil Perry
pperry at elrepo.org
Fri Mar 16 21:42:34 UTC 2018
On 16/03/18 18:24, Fred Smith wrote:
> Hi all!
>
> I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU.
>
What kernel are you running (uname -r)?
> I note that when I run the redhat script to test for spectre & meltdown
> I get this result for variant 2:
>
> Variant #2 (Spectre): Vulnerable
> CVE-2017-5715 - speculative execution branch target injection
> - Kernel with mitigation patches: OK
> - HW support / updated microcode: NO
> - IBRS: Not disabled on kernel commandline
> - IBPB: Not disabled on kernel commandline
>
>
> and when I run the one from github I get this:
>
> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> * Mitigation 1
> * Kernel is compiled with IBRS/IBPB support: YES
> * Currently enabled features
> * IBRS enabled for Kernel space: NO
> * IBRS enabled for User space: NO
> * IBPB enabled: NO
> * Mitigation 2
> * Kernel compiled with retpoline option: YES
> * Kernel compiled with a retpoline-aware compiler: UNKNOWN
>> STATUS: VULNERABLE (Vulnerable: Retpoline without IBPB)
>
>
> So, I"m wondering:
> 1. has RH in fact released mitigations for this issue for AMD processors, and
> 2. has AMD released microcode updates for this?
>
> I have no idea how to query AMD with such a question, anybody here know?
>
> Thanks in advance!
>
More information about the CentOS
mailing list