Issue
Intel CPU listed here are affected to CVE-2022-40982 Intel Downfall attack
Environment
- CloudLinux 7
- CloudLinux 8
- Intel CPU listed here
Solution
For CloudLinux 8
- Ensure that the microcode_ctl package has 20220809-2.20230214.1 version or higher
# dnf update microcode_ctl-20220809-2.20230214.1.el8_8.alma.x86_64
- Reload microcode with:
# echo 1 > /sys/devices/system/cpu/microcode/reload
Note: No reboot required
For CloudLinux 7
Ensure that the microcode_ctl package has version "2.1-73.15" or higher
# yum update microcode_ctl-2.1-73.15.el7_9.cloudlinux.x86_64
If you decide to disable the mitigation after doing a thorough risk analysis (for example, the system isn’t multi-tenant and doesn’t execute untrusted code). After applying the microcode and kernel updates, you can disable the mitigation by adding gather_data_sampling=off
to the kernel command line option GRUB_CMDLINE_LINUX=
in /etc/default/grub
Alternatively, to disable all CPU speculative execution mitigations, including GDS, use the option mitigations=off
Cause
CVE-2022-40982 Intel Downfall vulnerability
Comments
0 comments
Please sign in to leave a comment.