0

As you know Red Hat published a script to check the vulnerability of the system to Spectre and Meltdown. Kernel upgrade and activation/deactivation of some features is enough for avoid from these vulnerabilities. But there is something in the result of script that I didn't understand.

Output of Checker Script

You can see the output says the system vulnerability is yes for variant 1 in three rows below the CPU information. And then, after this section, the output says system vulnerability is no for variant 1. Is there something that I miss? I check the "STATUS: " parts only. Is this enough to avoid from this vulnerabilities?

Community
  • 1
Jo Shepherd
  • 835

1 Answers1

0

The script is telling you that originally your CPU was vulnerable to all three exploits, however, for variant 1 your /sys interface is confirming (and double confirmed by the kernel) that you are mitigated against this attack.

For variant 2 I cannot remember exactly what was required to fix it, but it certainly required d/l some microcode from your chip vendor. But I'm almost sure for VM running ESXI nothing is required.

(source: redhat employee)

CaldeiraG
  • 2,623
  • 8
  • 21
  • 34
Sean Davey
  • 504