I've installed the patch for CVE-2017-5754 as well as the microcode update:

# uname -a
Linux ftp51 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) x86_64 GNU/Linux
# dmesg | grep isolation
[    0.000000] Kernel/User page tables isolation: enabled

And yet, the widely-recommended test script at
https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

...still reports that the CVE-2017-5754 vulnerability exists (as well as
the other 2).

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  UNKNOWN  (dmesg truncated, please reboot and relaunch this script)
* Checking if we're running under Xen PV (64 bits):  UNKNOWN  (dmesg truncated, please reboot and relaunch this script)
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)

And for the record, this is not under Xen and as you see further
above, the kernel reports that PTI is indeed enabled.
So my question is: What have I missed? Is the test script flawed? Is
the fix flawed? Am I flawed?
Thanks....Nick
