Howto patch Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on Linux

Originally published at: https://www.cyberciti.biz/faq/patch-spectre-vulnerability-cve-2017-5753-cve-2017-5715-linux/

A very serious security problem has been found in Intel/AMD/ARM CPUs. The Spectre CPU vulnerability (CVE-2017-5753/CVE-2017-5715) breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. How do I protect my Linux server and laptop/desktop against such an attack?

Do you know if upgrading RedHat 7.3 should also fix CVE-2017-5715?
I’ve checked with

 rpm -q --changelog kernel | egrep 'CVE-2017-5715|CVE-2017-5753|CVE-2017-5754'

And also with the utility

./spectre-meltdown-checker.sh 

It seems CVE-2017-5753 and CVE-2017-5754 are fixed, but not CVE-2017-5715.

Patches for those are not out yet. They were just committed to the upstream kernel version. You have to wait for it. You need a microcode update too. In short, to patch Spectre you need a kernel update and a microcode update from your CPU vendor or OEM (such as Dell/HP and so on).
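
The changelog check from the question prints only the lines that match, so a CVE with no entry is easy to overlook. The following is an added example, not part of the original thread or of spectre-meltdown-checker.sh: it reports each of the three CVEs separately. The function names and the sample changelog are constructed for illustration.

```bash
#!/bin/sh
# Per-CVE report over `rpm -q --changelog kernel` output (added example).

# CVE ids named on this page, paired with their common names.
CVES="CVE-2017-5753:Spectre-v1 CVE-2017-5715:Spectre-v2 CVE-2017-5754:Meltdown"

# Constructed sample changelog, NOT taken from a real kernel package.
sample_changelog() {
cat <<'EOF'
* Thu Jan 04 2018 Example Builder <builder@example.com> [0.0.0-1.el7]
- [x86] spec_ctrl: example entry {CVE-2017-5753}
- [x86] kaiser: example entry {CVE-2017-5754}
EOF
}

# Read changelog text on stdin and print one line per CVE:
#   "<cve> <name> listed"      the changelog mentions the CVE
#   "<cve> <name> NOT-listed"  no changelog entry mentions it
# The body runs in a subshell so its variables stay local.
cve_report() (
    log=$(cat)
    for entry in $CVES; do
        cve=${entry%%:*}
        name=${entry#*:}
        if printf '%s\n' "$log" | grep -qF -- "$cve"; then
            echo "$cve $name listed"
        else
            echo "$cve $name NOT-listed"
        fi
    done
)

# Exit status 0 only when every CVE is listed; usable in cron or CI checks.
cve_all_listed() {
    ! cve_report | grep -q 'NOT-listed'
}

# Demo on the constructed sample. On a real RPM-based host, run:
#   rpm -q --changelog kernel | cve_report
sample_changelog | cve_report
```

A "listed" result only shows that the installed kernel package's changelog references the CVE; it says nothing about whether the microcode update mentioned above is in place.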