mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-08 23:09:26 +07:00
Code Issues Packages Projects Releases Wiki Activity

Enable kvm.mitigate_smt_rsb=1

Browse Source
This commit is contained in:
raja-grewal
2024-12-17 11:44:11 +00:00
committed by GitHub
parent 45355aabdc
commit 3e96fdd9cc
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
etc/default/grub.d/40_cpu_mitigations.cfg
View File

@ -134,6 +134,14 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mmio_stale_data=full,nosmt"
## ##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
## Cross-Thread Return Address Predictions:
## Mitigate the vulnerability for certain KVM hypervisor configurations.
## Currently affects AMD Zen 1-2 CPUs.
##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/cross-thread-rsb.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.mitigate_smt_rsb=1"
## Speculative Return Stack Overflow (SRSO): ## Speculative Return Stack Overflow (SRSO):
## Mitigate the vulnerability by ensureing all RET instructions speculate to a controlled location. ## Mitigate the vulnerability by ensureing all RET instructions speculate to a controlled location.
## Currently affects AMD Zen 1-4 CPUs. ## Currently affects AMD Zen 1-4 CPUs.