I’ve been hearing about the latest CPU vulnerability, Retbleed. Everything I’ve seen has suggested that the mitigation of this particular vulnerability could have a performance hit of up to 39%. Today I saw a new release of intel-microcode available in the jammy proposed repository. I checked out the git and it looks like this microcode update particularly addresses Retbleed.
So my understanding is that this set of vulnerabilities, including Spectre and Meltdown, requires local access. As a home user, this feels like a particularly intense performance hit to take for a vulnerability that seems unlikely to affect me. I’ve currently pinned that package with apt-mark until I decide what I want to do.
Is anybody else thinking about holding back on this microcode update? I’ve also seen that the Linux kernel itself has implemented mitigations as of 5.19. Do those kernel-level mitigations have the same performance hit?
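The kernel's own per-issue report is the quickest way to see what is actually mitigated on a given machine before deciding about microcode or boot parameters. The following is an added example (shell, not code from this thread, from Ubuntu, or from the kernel project); it assumes the sysfs layout Linux exposes under /sys/devices/system/cpu/vulnerabilities/, and the sample values it constructs are modelled on the kernel's status format rather than captured from a real system.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads the per-issue status files the
# kernel publishes under /sys/devices/system/cpu/vulnerabilities/ and classifies
# each one, so you can see which mitigations are actually active on the running
# kernel (retbleed appears there on kernels that know about it). The directory is
# a parameter so the same function can be run against a constructed copy.

# Print "<name> <class> <raw status>" per file; class is one of
# mitigated / UNMITIGATED / not-affected / unknown.
classify_cpu_vulns() {
  dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    status=$(cat "$f")
    case "$status" in
      "Not affected")  class="not-affected" ;;
      Mitigation:*)    class="mitigated" ;;
      Vulnerable*)     class="UNMITIGATED" ;;   # also matches "Vulnerable: ..." variants
      *)               class="unknown" ;;
    esac
    printf '%-24s %-13s %s\n' "$(basename "$f")" "$class" "$status"
  done
}

# Echo the number of issues the kernel reports as unmitigated.
count_unmitigated() {
  classify_cpu_vulns "$1" | awk '$2 == "UNMITIGATED" { n++ } END { print n + 0 }'
}

# Report whether a package is held back with apt-mark (as the poster did).
# Prints "held" or "not held"; returns 3 when apt-mark is not installed.
package_hold_state() {
  command -v apt-mark >/dev/null 2>&1 || return 3
  if apt-mark showhold 2>/dev/null | grep -qx "$1"; then echo held; else echo "not held"; fi
}

# Build a constructed sample directory (values modelled on the kernel's format,
# not captured from a real machine) so the functions can be exercised anywhere.
make_sample_vulns_dir() {
  d=$(mktemp -d)
  printf 'Vulnerable\n' > "$d/retbleed"
  printf 'Mitigation: Retpolines, IBPB: conditional, STIBP: disabled\n' > "$d/spectre_v2"
  printf 'Not affected\n' > "$d/meltdown"
  printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$d/mds"
  echo "$d"
}

# Stand-alone use: prefer the real sysfs directory, fall back to the sample.
if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
  classify_cpu_vulns
else
  classify_cpu_vulns "$(make_sample_vulns_dir)"
fi
```

Run it on the host to see which entries are "UNMITIGATED"; that list, rather than the headline 39% figure, is what changes when you hold back the microcode package or pass mitigation-related kernel parameters, and `package_hold_state intel-microcode` confirms whether the apt-mark hold is still in place.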
I’ve asked this question about other CPU mitigations, long ago in the TuxDigital matrix room.
A bunch of users don’t apply the CPU mitigations on their home desktops. Enough that it convinced me not to do so either.
As the community is full of security-minded people and paranoid crackpots as well, I don’t think you’ll find a definitive answer. It’s really going to boil down to what you’re comfortable with.
Thanks for clarifying that! I’ve always mitigated Spectre/Meltdown in the past for desktop systems, regardless of the performance hit, so I’ll probably do the same again. I actually realized I had already installed that microcode on my 2 laptops running Debian Sid on Intel chips and I haven’t noticed any insane performance loss yet. Granted, those are pretty much just web browsers at this point.