Disable SMT to Prevent CPU Security Issues

For host systems supporting CPU SMT, system administrators should consider disabling the use of this configuration to prevent system security vulnerabilities. The CPU SMT configuration is typically enabled by default to enhance CPU workload performance.

For more details relating to the CPU SMT usage notice, see Oracle Linux: Simultaneous Multithreading Notice.

What Do You Need?

• The Cockpit web console must be installed and accessible.

  For details, see these topics: Install and Enable Cockpit and Log in to the Cockpit Web Console.

• Administrator privileges.

Steps

WARNING:

Disabling SMT on the host requires restarting the system.

Using the Cockpit web console, follow these steps to disable the SMT configuration on the host system.

1. In the Cockpit navigation pane, click Overview.
2. In the Overview page, perform the following:
   1. Navigate to the System Information panel and click View hardware details.
   2. In the Hardware information page, find the CPU Security property, and, if available, click Mitigations.

      Important:

      For system configurations where CPU SMT isn't available, the Security link for Mitigations doesn't appear. In these instances, the system configuration isn't considered vulnerable to security related attacks because of the misuse of CPU SMT.

      The CPU security toggle dialog appears.

3. In the CPU security toggle dialog, perform the following:
   1. (Optional) Click Read to access further details about CPU SMT configurations.
   2. Click the toggle button to set the Disable simultaneous multi-threading (nosmt) property.
   3. Click Save and Reboot.

      The host system restarts and disables the CPU use of SMT.