SRBDS vulnerability: Unknown: Dependent on hypervisor status


I am getting this result:

user@dom0:~ > cat /sys/devices/system/cpu/vulnerabilities/srbds 
Unknown: Dependent on hypervisor status

This article comments on this value:

“Running on virtual guest processor that is affected but with no way to know if host processor is mitigated or vulnerable.”

Doesn’t dom0 run on bare metal (host processor), not on virtual guest processor?

How do I check the actual status?

I’m not an expert, but from what I understand, the answer is “no”: Xen is what runs on bare metal (it’s a Type 1 bare-metal hypervisor), and dom0 is a VM (it’s the zeroth Xen domain).


This is exactly right: somewhat simplified:
In Type 1:
Hardware → hypervisor → dom0, domU…
In Type 2:
Hardware → OS → hypervisor → VMs

dom0 is the initial VM started by the hypervisor - it is the first
domain to be started, has privileged access to hardware, provides virtual
disks to the domU,and runs the Xen management tools.


Thanks for the clarifications.

So, how do I check the actual status?

What processor do you have?


On this particular machine it is i7-10610U.
But I would like to know the answer in general (how to check for any CPU).

Can anybody help with that please?

I’m also not an expert, but since Xen is responsible for that, you might have a better luck asking on Xen forums.


I thought about that too but IIUC Qubes OS uses a modified (not “vanilla”) Xen, so I suppose it is more relevant to ask here and have the answer available to the whole community.

I am confident there are highly qualified people here, so hopefully someone can step in and shed some light on the matter.