CVE-2017-5715 vulnerability

HPmoss

Member
May 8, 2023
How do I fix this vulnerability?
I have already installed intel-microcode/stable,now 3.20230214.1~deb11u1 amd64

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)
 
You cannot fix it, but the Proxmox Linux kernel is mitigating the problem using various techniques to keep you safe.
If you want hardware that is not vulnerable (out of the box without mitigations) you need to buy other hardware. However, I don't think there is any modern system that is not vulnerable and everything you can currently buy still needs mitigations. You can read more about it on Wikipedia.
In short: this is normal and not a problem you need to fix.
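
Added example, not part of the original posts: a Python parser for the kernel's own status lines under /sys/devices/system/cpu/vulnerabilities, the "/sys interface" quoted in the first line of the checker output above. The result keys (state, primary, features) are this example's own naming, and the sample string is copied from the post.

```python
import re
from pathlib import Path

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# spectre_v2 status string copied from the checker output in the post above.
POST_SPECTRE_V2 = ("Mitigation: Retpolines, IBPB: conditional, IBRS_FW, "
                   "STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected")


def parse_status(line):
    """Parse one sysfs vulnerability line into state, primary mitigation, features."""
    line = line.strip()
    result = {"state": "unknown", "primary": None, "features": {}, "raw": line}
    if line.startswith("Not affected"):
        result["state"] = "not_affected"
    elif line.startswith("Vulnerable"):
        result["state"] = "vulnerable"
    elif line.startswith("Mitigation:"):
        result["state"] = "mitigated"
        # Older kernels separate the parts with ", ", newer ones with "; ".
        body = line[len("Mitigation:"):]
        parts = [p.strip() for p in re.split(r"[,;]", body) if p.strip()]
        if parts:
            result["primary"] = parts[0]
        for part in parts[1:]:
            name, sep, value = part.partition(":")
            # "IBPB: conditional" keeps its value; bare flags like "IBRS_FW" become True.
            result["features"][name.strip()] = value.strip() if sep else True
    return result


def report(directory=SYSFS_DIR):
    """Parse every file the kernel exposes; empty dict if the directory is missing."""
    base = Path(directory)
    if not base.is_dir():
        return {}
    out = {}
    for entry in sorted(base.iterdir()):
        try:
            out[entry.name] = parse_status(entry.read_text())
        except OSError:
            out[entry.name] = parse_status("")  # unreadable file -> state "unknown"
    return out


if __name__ == "__main__":
    # Fall back to the string from the post when not running on Linux.
    status = report() or {"spectre_v2 (from the post)": parse_status(POST_SPECTRE_V2)}
    for name, info in status.items():
        print(f"{name:28} {info['state']:13} {info['primary'] or ''} {info['features'] or ''}")
```

Lines that start with neither "Not affected", "Vulnerable" nor "Mitigation:" are reported as "unknown" with the raw text kept, so they can be read by hand.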