✓ Solved

Speculative Return Stack Overflow warning in latest kernel

My Linode instance is using the latest 64-bit kernel. On upgrading to 6.8.9-x86_64-linode164 I get these warnings in /var/log/kern.log:

```
Speculative Return Stack Overflow: IBPB-extending microcode not applied!
Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
Speculative Return Stack Overflow: Vulnerable: Safe RET, no microcode
```

Following the instructions at https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html I get these results:

```
cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode
```

Is this something to be concerned about? Do I have control over which mitigations are in place, or does the kernel supplied by Linode lock me into whatever mitigations you have set up?

2 Replies

✓ Best Answer

I reached out to several teams to confirm that users do not have control over which mitigations are in place, which I believe is true regardless of the kernel you choose.

That said, I've also confirmed that we have mitigations in place for Speculative Return Stack Overflow. I can also say that we haven’t seen any evidence our systems have been affected by this vulnerability.

If you ever have reason to believe that your server has been affected by this or any vulnerability, please feel free to open a Support Ticket and let us know. Security is a shared responsibility and we're happy to work with users to ensure we're doing our part to keep things safe.
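An added example, not part of the original thread and not Linode's tooling: a POSIX shell check that classifies the `spec_rstack_overflow` sysfs status quoted in the question, reports any `spec_rstack_overflow=` boot parameter, and notes whether the `hypervisor` CPU flag is set. The function names and output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: interpret the SRSO status the kernel exposes in sysfs.
# Function names and class labels are hypothetical; the sysfs path and the
# "Safe RET, no microcode" string are the ones quoted in the question.
SRSO_FILE=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# classify_srso STATUS -> not-affected | mitigated | partial-no-microcode |
#                         vulnerable | unknown
classify_srso() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)
            case "$1" in
                # Safe RET is active in the kernel, but the IBPB-extending
                # microcode is not applied (see the kern.log warning).
                *"Safe RET, no microcode"*) echo partial-no-microcode ;;
                *) echo vulnerable ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# is_guest [CPUINFO_PATH] -> exit 0 when the "hypervisor" CPU flag is present
is_guest() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null | grep -qw hypervisor
}

# cmdline_srso "KERNEL CMDLINE" -> value of spec_rstack_overflow=, if any
cmdline_srso() (
    set -f   # do not glob-expand command-line words
    for arg in $1; do
        case "$arg" in spec_rstack_overflow=*) echo "${arg#*=}" ;; esac
    done
)

report() {
    [ -r "$SRSO_FILE" ] || { echo "no SRSO entry in sysfs"; return 0; }
    status=$(cat "$SRSO_FILE")
    echo "status:   $status"
    echo "class:    $(classify_srso "$status")"
    echo "cmdline:  $(cmdline_srso "$(cat /proc/cmdline 2>/dev/null)")"
    if is_guest; then echo "platform: guest (CPU microcode is applied by the host)"
    else echo "platform: no hypervisor flag"; fi
}

report
```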
