Speculative Return Stack Overflow warning in latest kernel
My Linode instance is using the latest 64-bit kernel. On upgrading to 6.8.9-x86_64-linode164 I get these warnings in /var/log/kern.log:
Speculative Return Stack Overflow: IBPB-extending microcode not applied!
Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
Speculative Return Stack Overflow: Vulnerable: Safe RET, no microcode
Following the instructions at https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html I get these results:
cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode
Is this something to be concerned about? Do I have control over which mitigations are in place, or does the kernel supplied by Linode lock me into whatever mitigations you have set up?
2 Replies
CassandraD
Linode Staff
✓ Best Answer
I reached out to several teams to confirm that users do not have control over which mitigations are in place, which I believe is true regardless of the kernel you choose.
That said, I've also confirmed that we have mitigations in place for Speculative Return Stack Overflow. I can also say that we haven’t seen any evidence our systems have been affected by this vulnerability.
If you ever have reason to believe that your server has been affected by this or any vulnerability, please feel free to open a Support Ticket and let us know. Security is a shared responsibility and we're happy to work with users to ensure we're doing our part to keep things safe.
Thanks!