How to determine which modules are responsible for spectre_v2 returning "Vulnerable: Retpoline with unsafe module(s)"?

Solution Verified - Updated -

Issue

  • When we run the "Spectre And Meltdown Detector" lab app, it reports Vulnerable: Retpoline with unsafe module(s) similar to the output below. How do we find out which modules are unsafe?
Variant #2 (Spectre): Vulnerable: Retpoline with unsafe module(s)
CVE-2017-5715 - speculative execution branch target injection
   - Kernel with mitigation patches: OK
   - HW support / updated microcode: YES
   - IBRS: Not disabled on kernel commandline
   - IBPB: Not disabled on kernel commandline
   - Retpolines: Not disabled on kernel commandline
  • When checking for Spectre vulnerabilities, the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file indicates the following. How do we find out which modules are responsible?
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Vulnerable: Retpoline with unsafe module(s)

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
    • kernel package which include Retpoline-based mitigation

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content