Journald warning kernel 6.6.x-x missing microcode

GaVenga · 27 November 2023 09:43

Warnings in journalctl kernels 6.6.2-5 / 6.6.2-7 /

archlinux kernel: Speculative Return Stack Overflow: IBPB-extending microcode not applied!

archlinux kernel: Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.

cscs · 27 November 2023 10:56

Guess I’m waiting on my microcode…

$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

Vulnerable: Safe RET, no microcode

Or who knows maybe I’ll use spec_rstack_overflow=off to cut the performance hit, as …

In order to exploit vulnerability, an attacker needs to:

    gain local access on the machine

    break kASLR

    find gadgets in the running kernel in order to use them in the exploit

    potentially create and pin an additional workload on the sibling thread, depending on the microarchitecture (not necessary on fam 0x19)

    run the exploit

GaVenga · 4 December 2023 13:07

Old warnings have gone.
New on 4.Dez.2023: archlinux kernel: Zenbleed: please update your microcode for the most optimal fix.
@Yochanan
EDIT: amd-ucode 20231110.74158e7a-1 - of Mi 22 Nov 2023 - does not cover this…

cscs · 4 January 2024 03:55

I had bookmarked this to remind me again in however long.
Things are pretty much the same.
Except been rocking the option above so now its

$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: No microcode

GaVenga · 4 January 2024 09:43

Mitigation: Safe RET