diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh
index 8f59f4a..830857b 100644
--- a/src/vulns/CVE-2017-5715.sh
+++ b/src/vulns/CVE-2017-5715.sh
@@ -633,7 +633,15 @@ check_CVE_2017_5715_linux() {
 fi
 fi
 if [ "$rsb_filling" = 0 ]; then
- if [ -n "$g_kernel_err" ]; then
+ # Red Hat kernels (RHEL 6/7/8) stuff RSB on context switch as part of
+ # their retpoline implementation when retp_enabled=1, but don't use the
+ # upstream X86_FEATURE_RSB_CTXSW flag or "Filling RSB on context switch"
+ # string. Detect this via the RHEL-specific debugfs knob.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1616245#c8
+ if [ "$retp_enabled" = 1 ]; then
+ rsb_filling=1
+ pstatus green YES "Red Hat kernel with retpoline enabled includes RSB filling"
+ elif [ -n "$g_kernel_err" ]; then
 pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)"
 else
 if grep -qw -e 'Filling RSB on context switch' "$g_kernel"; then
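Review bot: The new `if [ "$retp_enabled" = 1 ]` branch prints `pstatus green YES` as if RSB filling had been detected, although it is only inferred from a runtime knob. It is also tested ahead of the `g_kernel_err` branch, so it wins even when no kernel image could be inspected. `retp_enabled` is assigned outside this hunk. If it can hold 1 while the kernel being analysed is not the running Red Hat kernel, `rsb_filling=1` would presumably feed an over-optimistic verdict later in `check_CVE_2017_5715_linux`, whose body starts and ends outside the hunk. I would state the assumption next to the test, e.g. `# retp_enabled is only ever set from the running kernel's Red Hat debugfs knob`. I would also make the inference visible in the output, e.g. `pstatus green YES "inferred from retp_enabled=1: Red Hat retpoline implementation stuffs RSB on context switch"`.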