New CPU features for speculative store bypass (CVE-2018-3639)
On Intel x86 hosts, the "ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcode_ctl RPMs.
On AMD x86 hosts, the "virt-ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. There is no microcode dependency for AMD as this is a virtualized CPUID feature.
In both cases, kernel >= 4.16.10-301 is required on the host and guest in order to activate the fix.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-44f8a7454d
Please login to add feedback.
This update has been submitted for testing by berrange.
berrange edited this update.
berrange edited this update.
This update has been pushed to testing.
No regressions noted.
Working for me.
works for me
This update has been submitted for batched by bodhi.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.