AlmaLinux 9.4 CPU vulnerability

I have an Azure-deployed batch node on AlmaLinux 9.4 that reports vulnerabilities with the lscpu command. Any tips to resolve them?

Vendor ID: GenuineIntel
BIOS Vendor ID: None
Model name: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
BIOS Model name: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
CPU family: 6

Vulnerabilities:
Gather data sampling: Unknown: Dependent on hypervisor status
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Retbleed: Vulnerable
Spec rstack overflow: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Not affected
Tsx async abort: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown

Thanks
Ray

The lscpu lists known hardware issues. The added twist is that you have a VM, so the CPU you see is what the hypervisor (Azure) chose to show you. Even if some mitigation is available, your kernel cannot apply it as it is not on the bare metal.

One could look up each of those and estimate the risk for it.

For example:
If the “Spec store bypass” is the same as cve-details, then it was a thing before el9 existed, and el8 was not affected. What are the chances of el9 being affected if el8 was not and there was a fix for el7?


PS. The support for AlmaLinux 9.4 did end when 9.5 was released last week.
dnf up
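
An added example (not part of either post) of the per-entry triage suggested above: it sorts the kernel's status strings into entries the guest has already dealt with, entries that depend on the host or hypervisor, and entries left to look up individually. The class labels and the rule that "no microcode", "Host state unknown" and "Dependent on hypervisor" indicate host-side dependence are this example's assumptions; the sample lines are copied from the lscpu output in the question.

```shell
#!/bin/sh
# Triage "<name>: <status>" lines as shown in lscpu's "Vulnerabilities:" block.
# Class labels (OK, MITIGATED, HOST-DEPENDENT, REVIEW) are this example's own.

triage_line() {
    name=${1%%:*}      # text before the first colon
    status=${1#*: }    # text after the first ": "
    case $status in
        "Not affected"*) class=OK ;;
        Mitigation*)     class=MITIGATED ;;
        # Assumption: these phrases mean the fix needs host microcode or
        # host settings, which a guest kernel cannot supply.
        *"no microcode"*|*"Host state unknown"*|*"Dependent on hypervisor"*)
                         class=HOST-DEPENDENT ;;
        *)               class=REVIEW ;;   # plain "Vulnerable" and anything new
    esac
    printf '%-15s %s: %s\n' "$class" "$name" "$status"
}

triage() {
    while IFS= read -r line; do
        if [ -n "$line" ]; then triage_line "$line"; fi
    done
}

# Live source: the sysfs files lscpu reads (names use underscores here).
sysfs_lines() {
    for f in /sys/devices/system/cpu/vulnerabilities/*; do
        if [ -r "$f" ]; then printf '%s: %s\n' "${f##*/}" "$(cat "$f")"; fi
    done
}

# Sample input: lines from the lscpu output quoted in the question.
SAMPLE='Gather data sampling: Unknown: Dependent on hypervisor status
Meltdown: Not affected
Mmio stale data: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Retbleed: Vulnerable
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Tsx async abort: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown'

if [ "${1:-}" = live ]; then
    sysfs_lines | triage
else
    printf '%s\n' "$SAMPLE" | triage
fi
```

Run it with the argument `live` on the node itself to classify the kernel's current sysfs values instead of the sample.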

Hi jlehtone

Thanks for the comments, your insight has been helpful to our investigation.

Ray