The landing page for the Spectre and Meltdown issue is not very clear about what is already patched and what not.
When installing the latest available kernel patches (Version: kernel-pae-3.0.101-108.21.1.i586.rpm; Yes it is the 32bit PAE kernel) the following script is still reporting, that the system is vulnerable to all three vulnerabilities.
The script to check for all three vulnerabilities CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754:
For CVE-2017-5754 the SUSE landing page is providing this information: “This feature can be enabled / disabled by the “pti=[on|off|auto]” or “nopti” command line options. More details can be found in the “Additional information” section.”. But enabling this on the kernel mentioned above does not change the result from the check by the script.
The questions now are:
- Are the vulnerabilities patched for SLES11SP4 x86 (32bit, pae kernel) and how can it be proved?
- What are the required settings to enable the fixes on SLES11SP4 x86 (32bit, pae kernel)?
- If there is still ongoing work especially on the PAE version of the 32bit kernel for SLES11SP4, how to get notified?