How to determine which modules are responsible for spectre_v2 returning "Vulnerable: Retpoline with unsafe module(s)"?

Solution Verified - Updated -

Issue

  • When we run the "Spectre And Meltdown Detector" lab app, it reports Vulnerable: Retpoline with unsafe module(s) similar to the output below. How do we find out which modules are unsafe?
Variant #2 (Spectre): Vulnerable: Retpoline with unsafe module(s)
CVE-2017-5715 - speculative execution branch target injection
   - Kernel with mitigation patches: OK
   - HW support / updated microcode: YES
   - IBRS: Not disabled on kernel commandline
   - IBPB: Not disabled on kernel commandline
   - Retpolines: Not disabled on kernel commandline
  • When checking for Spectre vulnerabilities, the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file indicates the following. How do we find out which modules are responsible?
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Vulnerable: Retpoline with unsafe module(s)

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
    • kernel package which include Retpoline-based mitigation

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In