Hi,
I'm a little bit unsure about how to patch my Ubuntu servers and my Ubuntu Desktop for that matter. I've installed the intel-microcode package 3.20190514.0ubuntu0.18.04.2 and kernel version 4.15.0-50 (server version), recommended by Ubuntu here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
I've done that on a virtual machine running in an unpatched vSphere. I've downloaded mdstool-cli to check if this has been mitigated, but I get:
Code:
Micro-architectural Data Sampling:
* Line Fill Buffers (MFBDS): Vulnerable
* Store Buffers (MSBDS): Vulnerable
* Load Ports (MLPDS): Vulnerable
* Uncached Memory (MDSUM): Vulnerable
* SMT: Unaffected
* MD_CLEAR: Not Available
I get the exact same thing on my Ubuntu Desktop, although I'm running the latest kernel 4.18.0-20 and the latest version of intel-microcode.
On my desktop (so bare metal, as it were):
Quote:
cat /sys/devices/system/cpu/vulnerabilities/mds
Mitigation: Clear CPU buffers; SMT vulnerable
On my Ubuntu VM running on vSphere:
Quote:
cat /sys/devices/system/cpu/vulnerabilities/mds
Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
I get the same thing on Ubuntu 18.04 running as a VM in VirtualBox on the same desktop PC.
So the VM doesn't know the status of hyperthreading, if I understand correctly.
Any ideas how I can patch my Ubuntu desktops/servers?
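
The two sysfs status lines quoted in the post follow the kernel's documented MDS format, so they can be classified mechanically, together with the `md_clear` CPU flag. This script is an added example, not part of the original post; the function names and the verdict tokens (`OK`, `SMT-EXPOSED`, `ACTION-microcode`, `ACTION-review`) are made up for illustration, and the cpuinfo flag lines in the demo are constructed.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line (not from the original post).

# classify_mds STATUS -> prints "<state> <smt>" using the kernel's documented strings.
classify_mds() {
    case $1 in
        "Not affected"*) state=not_affected ;;
        "Mitigation: Clear CPU buffers"*) state=mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) state=no_microcode ;;
        "Vulnerable"*) state=vulnerable ;;
        *) state=unknown ;;
    esac
    case $1 in
        *"; SMT vulnerable") smt=smt_vulnerable ;;
        *"; SMT mitigated") smt=smt_mitigated ;;
        *"; SMT disabled") smt=smt_disabled ;;
        *"; SMT Host state unknown") smt=smt_host_unknown ;;
        *) smt=smt_unreported ;;
    esac
    printf '%s %s\n' "$state" "$smt"
}

# has_md_clear CPUINFO_TEXT -> exit status 0 if a "flags" line lists md_clear.
has_md_clear() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' | grep -qw md_clear
}

# mds_verdict STATUS CPUINFO_TEXT -> one-line summary (tokens are hypothetical).
mds_verdict() {
    set -- "$(classify_mds "$1")" "$2"
    if has_md_clear "$2"; then flag=md_clear=yes; else flag=md_clear=no; fi
    case $1 in
        # Buffers are cleared, but a sibling hyperthread can still sample them.
        "mitigated smt_vulnerable") echo "SMT-EXPOSED $1 $flag" ;;
        mitigated*|not_affected*) echo "OK $1 $flag" ;;
        # The CPU this kernel sees lacks MD_CLEAR: bare metal needs updated
        # microcode; a guest needs the hypervisor to expose the flag.
        no_microcode*) echo "ACTION-microcode $1 $flag" ;;
        *) echo "ACTION-review $1 $flag" ;;
    esac
}

# Demo on constructed input: the two status lines quoted in the post, with
# made-up cpuinfo flag lines. On a live host pass the real files instead:
#   mds_verdict "$(cat /sys/devices/system/cpu/vulnerabilities/mds)" "$(cat /proc/cpuinfo)"
mds_verdict "Mitigation: Clear CPU buffers; SMT vulnerable" "flags : fpu vme md_clear"
mds_verdict "Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown" "flags : fpu vme"
```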