The newest kernel series dated on or after 6/10/2020 have automated the activation of a mitigation. Intel has listed thee affected processor series HERESRBDS is an MDS-like speculative side channel that can leak bits from the
random number generator (RNG) across cores and threads. New microcode
serializes the processor access during the execution of RDRAND and
RDSEED. This ensures that the shared buffer is overwritten before it is
released for reuse.
While it is present on all affected CPU models, the microcode mitigation
is not needed on models that enumerate ARCH_CAPABILITIES[MDS_NO] in the
cases where TSX is not supported or has been disabled with TSX_CTRL.
In addition to the kernel update for the mitigation, there are several patches for x86 and ext4. All longterm kernels are updated.
Developers please take note.
Regards
8Geee