This bug was fixed before the affected kernel was released and, therefore, it never affected a publicly released kernel.
** Changed in: linux (Ubuntu) Status: Confirmed => Fix Released ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1772146 Title: Xenial 4.4.0-126.152 does not properly virtualize cpuid, resulting in disabled SSBD Status in linux package in Ubuntu: Fix Released Bug description: The Xenial (4.4.0-126.152) kernel, which is to be released on 5/21, does not properly handle the cpuid opcode for KVM guests. This causes the guest kernel to incorrectly assume that the Speculative Storage Bypass Disable (SSBD) feature (needed for CVE-2018-3639) is not supported and, therefore, causes it to be unusable in a KVM guest. From the host environment (running 4.4.0-126.152): $ cpuid -1r | grep '^ 0x00000007' 0x00000007 0x00: eax=0x00000000 ebx=0x000037ab ecx=0x00000000 edx=0x9c000000 When the most significant bit (bit 31) of edx is set, that indicates that SSBD is available. Running the same command in the guest shows that the bit is not set: $ cpuid -1r | grep '^ 0x00000007' 0x00000007 0x00: eax=0x00000000 ebx=0x000007ab ecx=0x00000000 edx=0x00000000 Therefore, we see this message in the guest's dmesg output: $ dmesg | grep Speculative [ 0.008000] Speculative Store Bypass: Vulnerable We also see this in the guest: $ cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass Vulnerable I don't yet see what's causing this bug when the Xenial 4.4 kernel is used in the host. It does not occur when the Trusty 3.13, Artful 4.13, Bionic 4.15 kernels are used in the host. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1772146/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp