RETBleed: WARNING

I have had this issue for probably at least a week. I do not see any notes about it on http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/whonix-17-2-0-7-point-release/20168 , but I assume it was caused by the point release.

Whenever I start up whonix gateway or whonix workstation, I get a number of messages on the black screen. One of these messages is the following.

“RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible!”

Is this intentional? Is it a problem? If so, what should I do about it?

In my attempt to self-support myself, I found [FIXED] Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks in Ubuntu | GoLinuxCloud on a search engine. It seems to say to either disable the message, disable the retbleed mitigations, or do something else to modify by system using “retpoline”. I do not know what that is, and I want to check with the forum before doing anything to mess up the system. I thought that the correct security decisions were implemented by default, and I do not want to mess up the default configuration without knowing what I am doing.

Is anyone else having this issue? Thank you for your help.

Host?

VM? VIrtualizer?

Host- Linux Mint 22 Wilma - Cinnamon Edition

VirtualBox Graphical User Interface Version 7.0.16_Ubuntu r162802

It’s VirtualBox upstream bugs. Documented here:
Spectre, Meltdown, VirtualBox

Nothing can be done about it from the Whonix side.

Kernel security settings are already “maxed out” through GitHub - Kicksecure/security-misc: Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc / Kernel Hardening - security-misc.

These issues are unspecific to Whonix.

1 Like