First and foremost, the security update again patches Debian GNU/Linux’s kernel against both variants of the Spectre vulnerability (CVE-2017-5715 and CVE-2017-5753). These could allow an attacker that has control over an unprivileged process to read memory from arbitrary addresses, including kernel memory. While Spectre Variant 2 was mitigated for the x86 architecture (amd64 and i386) via the retpoline compiler feature, Spectre Variant 1 was mitigated by first identifying the vulnerable code sections and then replacing the array access with the speculation-safe array_index_nospec() function.