<div dir="ltr">Hi,<br><br>I am a system administrator with a few physical and virtual machines.<br><br>I ran the command<br><br>grep . /sys/devices/system/cpu/vulnerabilities/*<br><br>on two machines and their guests<br><br><br>
Machine 1<br><br>
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/mds:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline<br><br>
Guest on Machine 1<br><br>
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/mds:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: Load fences, __user pointer sanitization<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Retpoline without IBPB<br><br><br>
Machine 2<br><br>
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable<br>
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT vulnerable<br>
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI<br>
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: Load fences, __user pointer sanitization<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: IBRS (kernel), IBPB<br><br>
Guest on Machine 2<br><br>
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion<br>
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT Host state unknown<br>
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI<br>
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: Load fences, __user pointer sanitization<br>
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Retpoline without IBPB<br><br>
Why are the vulnerabilities different on host and guest?<br><br>I am using VirtualBox 6.0.12 with guest additions on both guests.<br><br>Thanks.<br><br>--<br>Thomas Stephen Lee<br></div>
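A way to compare the host and guest listings quoted above mechanically, as an added example that is not part of the original message. The function names and the ranking (Not affected > Mitigation > Vulnerable) are assumptions made for this sketch; the sample data is the Machine 2 output copied from the post.

```python
# Added example: diff host vs guest sysfs mitigation status.
P = "/sys/devices/system/cpu/vulnerabilities/"
# Machine 2 host and guest output, copied from the message above.
HOST_M2 = f"""
{P}l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
{P}mds:Mitigation: Clear CPU buffers; SMT vulnerable
{P}meltdown:Mitigation: PTI
{P}spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
{P}spectre_v1:Mitigation: Load fences, __user pointer sanitization
{P}spectre_v2:Mitigation: IBRS (kernel), IBPB
"""
GUEST_M2 = f"""
{P}l1tf:Mitigation: PTE Inversion
{P}mds:Mitigation: Clear CPU buffers; SMT Host state unknown
{P}meltdown:Mitigation: PTI
{P}spec_store_bypass:Vulnerable
{P}spectre_v1:Mitigation: Load fences, __user pointer sanitization
{P}spectre_v2:Vulnerable: Retpoline without IBPB
"""

def parse(grep_output):
    """Map vulnerability name -> status string from `grep . <dir>/*` output."""
    status = {}
    for line in grep_output.strip().splitlines():
        # Split on the first ':' only; the status text contains colons too.
        path, _, value = line.partition(":")
        status[path.rsplit("/", 1)[-1]] = value.strip()
    return status

def rank(value):
    """Assumed ordering: Not affected (2) > Mitigation (1) > anything else (0)."""
    if value.startswith("Not affected"):
        return 2
    return 1 if value.startswith("Mitigation") else 0

def guest_regressions(host, guest):
    """Entries where the guest reports a weaker state than its host."""
    return {n: (host[n], guest[n]) for n in sorted(host)
            if n in guest and rank(guest[n]) < rank(host[n])}

def detail_differences(host, guest):
    """Entries with the same rank but different mitigation detail."""
    return [n for n in sorted(host) if n in guest
            and rank(guest[n]) == rank(host[n]) and guest[n] != host[n]]

if __name__ == "__main__":
    h, g = parse(HOST_M2), parse(GUEST_M2)
    for name, (hv, gv) in guest_regressions(h, g).items():
        print(f"{name}: host={hv!r} guest={gv!r}")
    print("detail differs:", detail_differences(h, g))
```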