RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible!

[stdperson]

On VirtualBox 6.1.36, Debian, Windows builds, upon starting both exiting Debian and Ubuntu virtual machines, the warning RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible! comes up on boot after grub2. Porting Debian virtual machine to VMWare Workstation Pro 15.5.7, Windows 11 build base contains no such boot errors. Creation of new Ubuntu virtual machine from latest iso , virtualbox 6.1.36 gives same warning RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible! Creation of a new Ubuntu virtual machine in VMware gives no such warning.

PHY HW is Intel i5 (i5-8250u) and cpuinfo shows no cpu_insecure flag.

Did not test a Windows virtual machine in virtualbox to see if warning occurred.

Suspect virtualbox code base is not patched against Spectre v2 or warning message not correct in conditional tree.

Others reporting similar, see ​https://ubuntuforums.org/showthread.php?t=2477938

[fth0]

What happens if you provide the speculation control interfaces to the guest with VBoxManage modifyvm "VM name" --spec-ctrl on?

[sambo]

yes I am facing this issue currently also

[yoloz]

yes I am facing this issue currently also, virtualBox 6.1.38

[bit_bot]

I'm currently experiencing this issue on VBox 6.1.38_Ubuntu r153438 (installed from Ubuntu repositories). Warning disappeared after I run the command suggested by fth0

HOST: Ubuntu 20.04
GUEST: Ubuntu 18.04

Cpu: i5-10400

[fth0]

Then everything is ok IMO. You can either provide the speculation control interfaces to the guest, or prefer to get more performance from the guest, it's up to you.