Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-14 13:41:37 -05:00
Code Issues Packages Projects Releases Wiki Activity

Enable kvm.mitigate_smt_rsb=1

Browse Source
This commit is contained in:
raja-grewal 2024-12-17 11:44:11 +00:00 committed by GitHub
parent 45355aabdc
commit 3e96fdd9cc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/default/grub.d/40_cpu_mitigations.cfg
View File

@ -134,6 +134,14 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mmio_stale_data=full,nosmt"
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
## Cross-Thread Return Address Predictions:
## Mitigate the vulnerability for certain KVM hypervisor configurations.
## Currently affects AMD Zen 1-2 CPUs.
##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/cross-thread-rsb.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.mitigate_smt_rsb=1"
## Speculative Return Stack Overflow (SRSO):
## Mitigate the vulnerability by ensureing all RET instructions speculate to a controlled location.
## Currently affects AMD Zen 1-4 CPUs.