Channel: Debian User Forums

General Questions • Re: MDS CPU bug present and SMT on, data leak possible


Huge thanks for the replies

CwF

On a personal laptop?

Yes, I am the only user of the laptop

Not at all serious.

Does that mean it is safe to ignore the situation?

BTW I have the intention to use VirtualBox to run some VMs for Linux servers and install Docker too
The BIOS was configured to use Virtualization

FreewheelinFrank

There is more information on this available from a web search, for example:

https://askubuntu.com/questions/1250040 ... rs-from-lo

Which links to:

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS

The second link gives examples of when the mitigation may be critical.

Thanks for the links

I believe mitigation is enabled by default in Debian if intel-microcode is installed (it was for me).

Sounds great, is there an official link to confirm that? (It seems it is https://wiki.debian.org/Microcode)

What is the output of
$ apt policy intel-microcode
?

As follows:

Code:

apt policy intel-microcode
intel-microcode:
  Installed: 3.20251111.1~deb13u1
  Candidate: 3.20251111.1~deb13u1
  Version table:
 *** 3.20251111.1~deb13u1 500
        500 http://deb.debian.org/debian trixie/non-free-firmware amd64 Packages
        100 /var/lib/dpkg/status
     3.20250812.1~deb13u1 500
        500 http://security.debian.org/debian-security trixie-security/non-free-firmware amd64 Packages

There might be good reasons to have intel-microcode if you don't already.

If it can resolve the situation there is no problem.
Because the apt policy intel-microcode command has an output, it is assumed it is already installed

The MDS mitigation can be disabled if you are not likely to be vulnerable

Pls, could you expand the idea?

and do not want the CPU performance penalty (see first link).

I don't want to have a performance impact on the processor

Processor microcode is akin to processor firmware. The kernel is able to update the processor's firmware without the need to update it via a BIOS update. A microcode update is kept in volatile memory, thus the BIOS/UEFI or kernel updates the microcode during every boot.

Processors from Intel and AMD may need updates to their microcode to operate correctly. These updates fix bugs/errata that can cause anything from incorrect processing, to code and data corruption, and system lockups.

It is very difficult to know for sure whether you need a microcode update or not, but it is not safe at all to just ignore them. You might not notice their effect and have precious data silently corrupted, or an important program silently misbehave. Or you could experience one of those unexplainable and infrequent software issues (such as kernel oops, application segfaults) or hardware issues (including sudden reboots and hangs).

Valuable information

excellent link

Pls let me know your thoughts

Statistics: Posted by manueljordan — 2026-01-25 02:16
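
An added example, not part of the original post: the running kernel reports its own MDS state in sysfs, so the question of whether the mitigation is active can be checked directly instead of inferred from the installed package. The sketch below assumes the standard Linux sysfs paths and the status strings documented in the kernel's MDS admin guide; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify the kernel's MDS status line.
# Assumption: standard sysfs paths; status wording follows the kernel MDS guide.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/active

# classify_mds "<status line>" prints one of:
#   not-affected | mitigated | mitigated-smt-exposed | no-microcode | vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is on; the suffix says whether SMT siblings can still leak.
            case "$1" in
                *"SMT vulnerable"*|*"SMT Host state unknown"*) echo mitigated-smt-exposed ;;
                *) echo mitigated ;;
            esac ;;
        # Must be tested before the generic "Vulnerable" prefix below.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo no-microcode ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# report_mds reads the live values and prints a one-line interpretation.
report_mds() {
    if [ ! -r "$MDS_FILE" ]; then
        echo "no $MDS_FILE (kernel too old, or not Linux)"
        return 0
    fi
    status=$(cat "$MDS_FILE")
    smt=unknown
    if [ -r "$SMT_FILE" ]; then smt=$(cat "$SMT_FILE"); fi
    echo "kernel reports: $status (smt/active=$smt)"
    case "$(classify_mds "$status")" in
        not-affected)          echo "CPU is not affected by MDS" ;;
        mitigated)             echo "buffer clearing active, no SMT exposure reported" ;;
        mitigated-smt-exposed) echo "buffer clearing active, but SMT is on: sibling threads remain exposed" ;;
        no-microcode)          echo "best effort only: loaded microcode lacks buffer-clear support" ;;
        vulnerable)            echo "mitigation is off (for example booted with mds=off)" ;;
        *)                     echo "unrecognised status string" ;;
    esac
}

report_mds
```

The "SMT is on" result matters most when untrusted code, such as a guest VM, can run on a sibling hyperthread; the kernel's `mds=full,nosmt` boot parameter closes that case at the cost of disabling SMT.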


