Description
When I updated my kernel from 5.15.27 -> 5.15.28, spectre-meltdown-checker started complaining that I was vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection).
After doing a little investigation, this seems to be caused by the following line of code:
```sh
if echo "$fullmsg" | grep -qwi retpoline; then
```
This is trying to detect whether the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file contains the word retpoline (case insensitively).
I think kernel 5.15.27 used to contain the text Mitigation: AMD retpoline, (...) (or something similar) but 5.15.28 switched to a generic retpoline implementation, so the file now contains Mitigation: Retpolines, (...).
Since the grep command in the above line of code contains the -w switch but the word is now plural (and therefore doesn't match anymore), spectre-meltdown-checker doesn't detect that the kernel is compiled with a retpoline-aware compiler and therefore considers my machine to be vulnerable to CVE-2017-5715.
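The mismatch described in this report can be reproduced offline. The following is an added example, not part of the original issue or the project's code: the sample messages are constructed from the two strings quoted above, and `tolerant_match` is a hypothetical alternative check, not the project's fix.

```shell
#!/bin/sh
# Constructed sample values, based on the two strings quoted in the issue
# (the "(...)" remainder is left elided, as it is there).
OLD_MSG='Mitigation: AMD retpoline, (...)'
NEW_MSG='Mitigation: Retpolines, (...)'

# The check as quoted in the issue: whole-word, case-insensitive.
strict_match() {
    echo "$1" | grep -qwi retpoline
}

# Hypothetical alternative: still whole-word, but accepts an optional plural "s".
tolerant_match() {
    echo "$1" | grep -qwiE 'retpolines?'
}

# Report how each check classifies a given spectre_v2 sysfs message.
classify() {
    if strict_match "$1"; then s=hit; else s=miss; fi
    if tolerant_match "$1"; then t=hit; else t=miss; fi
    echo "strict=$s tolerant=$t"
}

# Run both checks over the constructed samples, including two negative cases:
# a message with no mitigation, and one where the word boundary must still hold.
for msg in "$OLD_MSG" "$NEW_MSG" 'Vulnerable' 'Mitigation: noretpolines (constructed)'; do
    printf '%-42s %s\n' "$msg" "$(classify "$msg")"
done

# If the sysfs file exists on this machine, classify its real content too.
f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
if [ -r "$f" ]; then
    live=$(cat "$f")
    printf '%-42s %s\n' "(live) $live" "$(classify "$live")"
fi
```

A `strict=miss tolerant=hit` result on the live line means the kernel reports the plural wording that the quoted `grep -qwi retpoline` check does not match.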