TL;DR: HOST MITIGATION FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/15
OLD QEMU GUEST MIT FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/16 NEW QEMU GUEST MIT FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/17 MIT FEATURES REPORT DELTA FROM OLD TO NEW: https://bugs.launchpad.net/intel/+bug/1828495/comments/18 Meaning we basically have enabled INSIDE the GUEST: * Hardware support (CPU microcode) for mitigation techniques * Enhanced IBRS (IBRS_ALL) * CPU indicates ARCH_CAPABILITIES MSR availability: YES * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO and * CPU vulnerability to the speculative execution attack variants * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828495 Title: [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. To manage notifications about this bug go to: https://bugs.launchpad.net/intel/+bug/1828495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs