Microarchitectural Data Sampling (MDS) is a hardware vulnerability which allows unprivileged
speculative access to data which is available in various CPU internal buffers.
When performing store, load, or L1 refill operations, processors write data into temporary
microarchitectural structures (buffers), and the data in a buffer can be forwarded to load
operations as an optimization.
Under certain conditions, data unrelated to the load operation can be speculatively
forwarded from the buffers to a disclosure gadget, which in turn allows the value to be
inferred via a cache side-channel attack.
Select the appropriate mitigation by adding the argument mds= to the default
GRUB 2 command line for the Linux operating system.
Configure the default GRUB 2 kernel command line to contain mds= as follows:
# grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) mds="
Not all processors are affected by all variants of MDS, but the mitigation mechanism is
identical for all of them.
Since Linux kernel 5.2, you can check whether the system is vulnerable or mitigated with the
following command:
cat /sys/devices/system/cpu/vulnerabilities/mds
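
The check above, extended into a script (an added example, not part of the original guide): it reads the same sysfs file together with /proc/cmdline and reduces them to one line, so a host where the mitigation is active but SMT is still exposed is not read as fully mitigated. The function names and category labels are this example's own; the matched prefixes are the status strings the kernel reports in that file.

```shell
#!/bin/sh
# Added example: summarise MDS state from sysfs and the kernel command line.

# Print the value of the mds= argument in a command-line string, or "unset"
# when it is absent. If the argument is repeated, the last one is reported.
mds_arg() (
    set -f                      # no globbing while splitting the string
    val=unset
    for word in $1; do
        case "$word" in mds=*) val=${word#mds=} ;; esac
    done
    printf '%s\n' "$val"
)

# Map the sysfs status string to a coarse category (labels are hypothetical).
mds_classify() {
    case "$1" in
        "Not affected"*)                 echo not-affected ;;
        "Mitigation:"*"SMT vulnerable"*) echo mitigated-smt-exposed ;;
        "Mitigation:"*)                  echo mitigated ;;
        "Vulnerable"*)                   echo vulnerable ;;
        *)                               echo unknown ;;  # file missing or empty
    esac
}

# Read both sources (paths can be overridden for testing) and print one line.
mds_report() {
    sysfs=${1:-/sys/devices/system/cpu/vulnerabilities/mds}
    cmdline=${2:-/proc/cmdline}
    st=""; args=""
    if [ -r "$sysfs" ]; then st=$(cat "$sysfs"); fi
    if [ -r "$cmdline" ]; then args=$(cat "$cmdline"); fi
    printf 'cmdline mds=%s sysfs=%s\n' "$(mds_arg "$args")" "$(mds_classify "$st")"
}

mds_report
```

A result of "unknown" means the sysfs file could not be read, which is what a kernel without this interface produces.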