Huge thanks for the replies
CwF
On a personal laptop?
Yes, I am the unique user of the laptop
Not at all serious.
Does that mean is safe ignore the situation?
BTW I have the intention to use VirtualBox to run some VM for Linux Servers and install Docker too
The BIOS was configured to use Virtualization
FreewheelinFrank
There is more information on this available from a web search, for example:
https://askubuntu.com/questions/1250040 ... rs-from-lo
Which links to:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
The second link gives examples of when the mitigation may be critical.
Thanks for the links
I believe mitigation is enabled by default in Debian if intel-microcode is installed (it was for me).
Sounds great, exists an official link to confirm that? (It seems it is https://wiki.debian.org/Microcode)
What is the output of
$ apt policy intel-microcode
?
As follows:
Code:
apt policy intel-microcodeintel-microcode: Installed: 3.20251111.1~deb13u1 Candidate: 3.20251111.1~deb13u1 Version table: *** 3.20251111.1~deb13u1 500 500 http://deb.debian.org/debian trixie/non-free-firmware amd64 Packages 100 /var/lib/dpkg/status 3.20250812.1~deb13u1 500 500 http://security.debian.org/debian-security trixie-security/non-free-firmware amd64 PackagesThere might be good reasons to have intel-microcode if you don't already.
If it can resolve the situation there is no problem.
Because the apt policy intel-microcode command has an output is assumed it is already installed
The MDS mitigation can be disabled if you are not likely to be vulnerable
Pls, could you expand the idea?
and do not want the CPU performance penalty (see first link).
I don't want have an impact of performance in the processor
Processor microcode is akin to processor firmware. The kernel is able to update the processor's firmware without the need to update it via a BIOS update. A microcode update is kept in volatile memory, thus the BIOS/UEFI or kernel updates the microcode during every boot.
Processors from Intel and AMD may need updates to their microcode to operate correctly. These updates fix bugs/errata that can cause anything from incorrect processing, to code and data corruption, and system lockups.
It is very difficult to know for sure whether you need a microcode update or not, but it is not safe at all to just ignore them. You might not notice their effect and have precious data silently corrupted, or an important program silently misbehave. Or you could experience one of those unexplainable and infrequent software issues (such as kernel oops, application segfaults) or hardware issues (including sudden reboots and hangs).
Valuable information
excellent link
Pls let me know your thoughts
Statistics: Posted by manueljordan — 2026-01-25 02:16