[Whonix-devel] [Oracle VM VirtualBox] #17987: VirtualBox 5.2.18 vulnerable to spectre/meltdown despite microcode being installed
Oracle VM VirtualBox
trac at virtualbox.org
Thu Sep 13 19:14:31 CEST 2018
#17987: VirtualBox 5.2.18 vulnerable to spectre/meltdown despite microcode being
installed
-------------------------------+--------------------------------------------
Reporter: adrelanos | Owner:
Type: defect | Status: reopened
Priority: major | Component: other
Version: VirtualBox 5.2.18 | Resolution:
Keywords: | Guest type: Linux
Host type: Linux |
-------------------------------+--------------------------------------------
Changes (by adrelanos):
* status: closed => reopened
* resolution: worksforme =>
Comment:
I hope you don't mind me reopening the ticket but mentioning {{{VBoxManage
modifyvm "foo" --spec-ctrl on}}} while my bug report already contained
{{{VBoxManage modifyvm vm-name --spec-ctrl on}}} makes me wonder if you
might have overlooked that.
Replying to [comment:1 klaus]:
> If you want the mitigation to be available in a VM (default is not,
because it comes at a cost) you can enable it. See the
https://www.virtualbox.org/manual/ch08.html,
> {{{
> VBoxManage modifyvm "foo" --spec-ctrl on
> }}}
My bug report in my post above contains
{{{
VBoxManage modifyvm vm-name --spec-ctrl on
}}}
So I did enable that setting already and yet {{{sudo spectre-meltdown-
checker --paranoid ; echo $?}}} exits non-zero and shows "vulnerable". Is
that expected?
--
Ticket URL: <https://www.virtualbox.org/ticket/17987#comment:2>
Oracle VM VirtualBox <https://www.virtualbox.org/>
More information about the Whonix-devel
mailing list