From d040c0ffc384ed68483f70eb5e8c051cd8e568f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Mon, 6 Apr 2026 17:40:59 +0200
Subject: [PATCH] fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235)
---
 src/vulns/CVE-2017-5715.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh
index 8f59f4a..830857b 100644
--- a/src/vulns/CVE-2017-5715.sh
+++ b/src/vulns/CVE-2017-5715.sh
@@ -633,7 +633,15 @@ check_CVE_2017_5715_linux() {
 fi
 fi
 if [ "$rsb_filling" = 0 ]; then
- if [ -n "$g_kernel_err" ]; then
+ # Red Hat kernels (RHEL 6/7/8) stuff RSB on context switch as part of
+ # their retpoline implementation when retp_enabled=1, but don't use the
+ # upstream X86_FEATURE_RSB_CTXSW flag or "Filling RSB on context switch"
+ # string. Detect this via the RHEL-specific debugfs knob.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1616245#c8
+ if [ "$retp_enabled" = 1 ]; then
+ rsb_filling=1
+ pstatus green YES "Red Hat kernel with retpoline enabled includes RSB filling"
+ elif [ -n "$g_kernel_err" ]; then
 pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)"
 else
 if grep -qw -e 'Filling RSB on context switch' "$g_kernel"; then
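Review bot: The new `if [ "$retp_enabled" = 1 ]` branch reports RSB filling as a green YES by inference, not from an observed kernel feature, and nothing in the hunk confirms the kernel is a Red Hat build. `retp_enabled` is assigned outside the hunk (check_CVE_2017_5715_linux starts and ends outside it), so confirm it can only be 1 after the RHEL debugfs knob was actually read on the running kernel; a stray 1 becomes a false "mitigated" result in the audit. I would make the evidence visible to the operator, e.g. `pstatus green YES "inferred from Red Hat retp_enabled=1 debugfs knob"`, and add `# relies on retp_enabled being 1 only when the RHEL debugfs knob was read on the running kernel` to the comment. Presumably a RHEL kernel image analysed without runtime data still falls through to the string grep and is reported as lacking RSB filling; if so, the comment should say this limitation is known.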