If I run just spectre-meltdown-checker it says that all 4 of the MDS vulnerabilities are vulnerable. However, if I run spectre-meltdown-checker --paranoid it says all 4 are not vulnerable. I believe this is a bug in the way the paranoid mode is checking for SMT being disabled. If it is disable it seems to say it is not vulnerable all thought this is not necessary the case if the kernel mitigate is not enabled and active.

Originally posted by @jdantzler in #283 (comment)