Hi all!
I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU.
I note that when I run the redhat script to test for spectre & meltdown
I get this result for variant 2:
Variant #2 (Spectre): Vulnerable
CVE-2017-5715 - speculative execution branch target injection
- Kernel with mitigation patches: OK
- HW support / updated microcode: NO
- IBRS: Not disabled on kernel commandline
- IBPB: Not disabled on kernel commandline
and when I run the one from github I get this:
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: UNKNOWN
> STATUS: VULNERABLE (Vulnerable: Retpoline without IBPB)
So, I"m wondering:
1. has RH in fact released mitigations for this issue for AMD processors, and
2. has AMD released microcode updates for this?
I have no idea how to query AMD with such a question, anybody here know?
Thanks in advance!
--
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
The eyes of the Lord are everywhere,
keeping watch on the wicked and the good.
----------------------------- Proverbs 15:3 (niv) -----------------------------