Add new CPU features for CVE-2017-5715 and CVE-2018-3639
On Intel x86 hosts, the "ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcode_ctl RPMs. New "-IBRS"CPU models are provided for the Spectre fix, though it is possible to just use the "spec-ctrl" feature with existing models
On AMD x86 hosts, the "virt-ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough /host-model CPU setup. There is no microcode dependency for AMD as this is a virtualized CPUID feature. New "-IBPB" CPU models are provided for the Spectre fix, though it is possible to just use the "ibpb" feature with existing models
In both cases, kernel >= 4.16.10-201 is required on the host and guest in order to activate the fix. QEMU >= qemu-2.10.1-4.fc27 is also required on the host
sudo dnf upgrade --advisory=FEDORA-2018-2b053454a4
Please login to add feedback.