[CentOS] spectre variant 2

Phil Perry pperry at elrepo.org
Fri Mar 16 21:42:34 UTC 2018


On 16/03/18 18:24, Fred Smith wrote:
> Hi all!
> 
> I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU.
> 

What kernel are you running (uname -r)?

> I note that when I run the redhat script to test for spectre & meltdown
> I get this result for variant 2:
> 
> Variant #2 (Spectre): Vulnerable
> CVE-2017-5715 - speculative execution branch target injection
>     - Kernel with mitigation patches: OK
>     - HW support / updated microcode: NO
>     - IBRS: Not disabled on kernel commandline
>     - IBPB: Not disabled on kernel commandline
> 
> 
> and when I run the one from github I get this:
> 
> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> * Mitigation 1
>    * Kernel is compiled with IBRS/IBPB support:  YES
>    * Currently enabled features
>      * IBRS enabled for Kernel space:  NO
>      * IBRS enabled for User space:  NO
>      * IBPB enabled:  NO
> * Mitigation 2
>    * Kernel compiled with retpoline option:  YES
>    * Kernel compiled with a retpoline-aware compiler:  UNKNOWN
>> STATUS:  VULNERABLE  (Vulnerable: Retpoline without IBPB)
> 
> 
> So, I"m wondering:
> 1. has RH in fact released mitigations for this issue for AMD processors, and
> 2. has AMD released microcode updates for this?
> 
> I have no idea how to query AMD with such a question, anybody here know?
> 
> Thanks in advance!
> 




More information about the CentOS mailing list