Hi,

I'm a little bit unsure about how to patch my Ubuntu servers and my Ubuntu Desktop for that matter. I've installed the intel-microcode package 3.20190514.0ubuntu0.18.04.2 and kernel version 4.15.0-50 (server version), recommended by Ubuntu here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS

I've done that on a virtual machine running in an unpatched vsphere. I've downloaded a mdstool-cli to check if this has been mitigated, but I get:
I get the exact same thing on my Ubuntu Desktop, although I'm running the latest kernel 4.18.0-20 and the latest version of intel-microcode.

On my desktop (so baremetal, as it were):
On my Ubuntu-VM running on vsphere:
The same thing I get on Ubuntu 18.04 running as a VM in virtualbox on the same desktop pc.

So the VM doesn't know the status of hyperthreading, if I understand correctly.


Any ideas how I can patch my Ubuntu desktops/servers?

If I understand correctly, it doesn't really make any sense installing the intel-microcode package on the VM, because those firmware changes are obviously not going to be applied on the baremetal server's processor. I wonder, still, if it changes anything (whatever virtual version the hypervisor is presenting to the virtual machine, for instance) or if it simply ignored.

So on the virtual machines themselves only the kernel versions would remain to be updated, while on the hypervisor the kernel version, the microcode (intel-microcode on linux) and if necessary the qemu and libvirt (for hypervisors which use kvm).

Nobody has any opinion on that? I still haven't been able to get a straight answer