[newman314]

Just to follow up, looks like Spectre fixes are now available but only for Variant 1. The following is on a 16.04 VM running HWE 4.13.0-31. Additionally, reptoline patches are not available.

  CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
  * Checking count of LFENCE opcodes in kernel:  YES 
  > STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

  CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
  * Mitigation 1
  *   Hardware (CPU microcode) support for mitigation
  *     The SPEC_CTRL MSR is available:  YES 
  *     The SPEC_CTRL CPUID feature bit is set:  NO 
  *   Kernel support for IBRS:  YES 
  *   IBRS enabled for Kernel space:  NO 
  *   IBRS enabled for User space:  NO 
  * Mitigation 2
  *   Kernel compiled with retpoline option:  NO 
  *   Kernel compiled with a retpoline-aware compiler:  NO 
  > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

  CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
  * Kernel supports Page Table Isolation (PTI):  YES 
  * PTI enabled and active:  YES 
  * Checking if we're running under Xen PV (64 bits):  NO 
  > STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)