Problem/message L1TF CPU bug and data leak

M

Madtrick

Active Member
Mar 17, 2019
43
3
28
54
Germany
Hi.
To test different things, I installed the PVE several times on the same machine.
So I always had a fresh system.

The machine is a Fujitsu RX300 S7 with a XEON E5-2630L.

I get the following error message after the installation:

L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.

PVE was then updated, but that did not work either. The message is still coming.

After Google search and research I am not smarter.

How can the security hole be closed?
What can be done?

Translated with www.DeepL.com/Translator (free version)
 
It's not an error message, it's a warning. It just tells you that you have Hyper-Threading (SMT) enabled, which means that a malicious guest VM could theoretically access confidential data on the host (as described in the kernel.org link you posted).

This is a hardware flaw on intel systems, and can (as far as I'm aware) only be mitigated by disabling Hyper-Threading (SMT), usually done in BIOS. Keep in mind that this incurs a (potentially hefty) performance penalty.
 
  • Like
Reactions: Gilberto Ferreira, bhatmag1ck and chipbreak
JL17 said:
can this warning be disabled?
Click to expand...
You can actually fix it by disabling hyper-threading in the BIOS (or use the nosmt=force kernel parameters in the unlikely case that the BIOS has no such option).

EDIT: Turns out that it can be disable without fixing the problem.
 
Last edited:
mac.linux.free said:
yes it can be disabled:

nano /etc/default/grub

add to kernel line mitigations=off

update-grub
reboot

warning is gone :)
Click to expand...

thanx for your answer! did it but the warning stills there:

changed this line on /etc/default/grub:
GRUB_CMDLINE_LINUX_DEFAULT="quiet mitigations=off"

made update-grub and reboot, but the warning persist.
Maybe i did somethjing wrong?
 
I just set up a PVE node on a Dell Optiplex 5040.

It throws this warning on boot.

In a home server environment, how much do I actually need to worry about a potential data leak from this?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back