I suppose the confusion comes from this bug report being about other vulnerabilities too (as seen in the initial attachment):

# with kernel-default:
- l1tf
- mds
- meltdown
- spectre store bypass
+ itlb multihit

# with kernel-pae (fewer but still not fully mitigated):
- mds
- spectre store bypass
+ itlb multihit

Considering this difference between kernel-default and kernel-pae + the fact that the microcode is the same whether I use either kernel: I thought that some of the vulnerabilities are not just a matter of microcode but kernel-level mitigations exist.

> So what exactly are you asking?

(1) After the above clarification, I suppose you can have a second look at my previous question.

> > What about kernel-level mitigations? Are these impossible, i.e. is microcode
> > the only way to mitigate the remaining vulnerabilities?

(2) My other question is:

https://lkml.org/lkml/2019/12/8/205

*I understand (2) and the answer to it may be considered off-topic to this bug report but I still hope you could shed some light on it too (in direct email is fine too, if you think it would be more appropriate).