{{Header}} {{#seo: |description=Spectre/Meltdown security vulnerability caused by flaws in processors and how to patch them }} {{intro| Spectre/Meltdown security vulnerability caused by flaws in processors and how to patch them }} [[systemcheck|systemcheck]] might have referred you to this page. Note: * systemcheck is a diagnostic tool which automates showing the diagnostic output of other diagnostic tools. * {{project_name_long}} is not the cause of the issue. Don't kill the messenger. * Spectre/Meltdown is a security vulnerability caused by flaws in processors. * This page explains the state of affairs on how to protect form this security vulnerability. = Platform Specific = == Qubes == After [https://www.qubes-os.org/doc/how-to-install-software-in-dom0/ getting all dom0 host upgrades] and reboot this should be ok. {{Qubes_upgrade_dom0}} Reboot. {{CodeSelect|code= reboot }} == VirtualBox == There is no solution for [[VirtualBox]] yet. The bug has been reported to the VirtualBox developers. See [https://www.virtualbox.org/ticket/17987 this] and [https://www.virtualbox.org/ticket/18477 this] ticket. https://security.stackexchange.com/questions/211265/virtualbox-spectre-v4 The {{project_name_short}} developers depend on the VirtualBox developers for fixing this VirtualBox issue. Nevertheless: * Apply [[#Processor Microcode Updates|Processor Microcode Updates]] on your host operating system. * Consider the following experimental instructions. {{VirtualBox_Spectre_Meltdown}} * Check back later for updated instructions. [[Stay Tuned]]. == KVM == Apply [[#Processor Microcode Updates]] on your host operating system. The updated mitigative host CPU instructions are passed through by default. No further action is needed. = Processor Microcode Updates = {{Processor_Microcode_Updates}} = Leak Tests = [https://leaky.page leaky.page] - Google's PoC is a Spectre V1 gadget that is a JS array speculatively accessed out of bounds. While the V1 gadget can be mitigated at the software level, Chrome's V8 team determined that other gadgets such as for Spectre Variant 4 to be "simply infeasible in software" for mitigating. The code caters to Intel Skylake CPUs and can potentially work on other architectures and browsers with minor modifications to the JavaScript. Google was successful in running this attack on Apple M1 ARM CPUs without any major changes. https://www.phoronix.com/scan.php?page=news_item&px=Google-Leaky.Page-Spectre = References = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]