On Thu, 14 May 2020 23:01:04 +0530 Sreyan Chakravarty <sreyan32@xxxxxxxxx> wrote: > While booting up I get a scary message saying: > > L1TF CPU bug present and SMT on, data leak possible. > The scariest thing about this bug, specifically, is that even > malicious VMs pose a threat. May speculative execution burn in hell. > > I am no expert on hardware or these types of obscure vulnerabilities > so any advice/tips/help is greatly appreciated. If you are the only user on your machine, you almost certainly don't have to worry about this. It requires that the process to perform this attack be running on your machine at the same time as the process that is being attacked, and running on the same cpu / core. If you go here, https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html you will see that there are no known examples of a real world exploit as far as intel knows. If it were to be carried out by a malicious program with no person present, it would have to save the data, and mail it home in some way. It is possible that a program that you installed by rpm would have this, but very unlikely. The main threat of this attack was on cloud servers where many different users are running under virtual machines. These are meant to be silos, but this attack would allow someone on one virtual machine to capture data of another virtual machine running on the same core. I think for single use systems, Tom's response is the correct one, but you can worry if you want. :-) _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
