Vulnerability Discussion
Hardware vulnerabilities allow programs to steal data that is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser; personal photos, emails, and instant messages; and business-critical documents.
Check
Determine the default kernel:
$ sudo grubby --default-kernel
/boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64
Using the default kernel, verify that Meltdown mitigations are not disabled:
$ sudo grubby --info=<path-to-default-kernel> | grep mitigation
If the "mitigations" parameter is set to "off", this is a finding.
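The check above, as an added shell example (not part of the original guidance): it pulls the args line out of `grubby --info` output and reports a finding only on an exact `mitigations=off` token, which a plain grep does not distinguish from other values. The sample entries are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: evaluate `grubby --info` output for one kernel entry.
# Function names are hypothetical; sample entries below are constructed.

# Print the kernel arguments from `grubby --info` text read on stdin.
grubby_args() {
    sed -n 's/^args="\(.*\)"$/\1/p' | tr '\n' ' '
}

# Return 0 (finding) if the argument string contains the exact token
# mitigations=off. Values such as mitigations=auto do not match.
has_mitigations_off() {
    case " $1 " in
        *" mitigations=off "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print FINDING or OK for `grubby --info` text read on stdin.
evaluate_entry() {
    if has_mitigations_off "$(grubby_args)"; then
        echo "FINDING"
    else
        echo "OK"
    fi
}

# Constructed sample entries (not captured from a real host).
SAMPLE_BAD='index=0
kernel="/boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64"
args="ro crashkernel=auto rhgb quiet mitigations=off"
root="/dev/mapper/ol-root"'

SAMPLE_GOOD='index=0
kernel="/boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64"
args="ro crashkernel=auto rhgb quiet mitigations=auto"
root="/dev/mapper/ol-root"'

printf '%s\n' "$SAMPLE_BAD"  | evaluate_entry
printf '%s\n' "$SAMPLE_GOOD" | evaluate_entry
```

On a live system the same function can be fed directly: `sudo grubby --info="$(sudo grubby --default-kernel)" | evaluate_entry`.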
Fix
Determine the default kernel:
$ sudo grubby --default-kernel
/boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64
Using the default kernel, remove the argument that sets the Meltdown mitigations to "off":
$ sudo grubby --update-kernel=<path-to-default-kernel> --remove-args=mitigations=off
Reboot the system for the change to take effect.