Page 1 of 1

Spectre (security vulnerability) fix

Posted: Thu Jul 30, 2020 8:54 pm
by nevets
As the Spectre (security vulnerability) is going to be an ongoing issue generally for many PCs would you consider applying the partial fix in sysctl as standard?
Currently I prevent the disable of IBRS (ie make it permanently active) by creating in /etc/sysctl.d/ a conf file containing:

# Set the IndirectBranchRestriciveSpeculation fix for Spectre 2

This then prevents services from being able to disable the restricted speculation on-the-fly.