Hello! I’m trying to fix the “Intel GDS Mitigation” warning in Device Security.

Ubuntu Version:
Ubuntu 24.04.2 LTS

Desktop Environment (if applicable):
GNOME

Problem Description:
I just really need to solve this security issue. Switched to Ubuntu 2 months ago, and just last month I got unauthorized charges on my credit card for the first time in 5 years. I know there’s a lot of possibilities but it would give me great peace of mind if I can rule out that it’s a vulnerability in my system that caused it.

I am not tech-savvy. And I tried to research solutions which either gave me troubleshooting steps to try or splattered technical terminologies so hard to understand onto my face. Hehe. So if you could give easy-to-follow instructions, I’d appreciate it.

Relevant System Information:
I’m using Lenovo X390 Type 20Q1 dual boot with Windows 10 and Ubuntu.
Processor: Intel Core i5-8265U x 8

Screenshots or Error Messages:
“Intel GDS Mitigation
2025-06-09 12-21:12
CPU Microcode must be updated to mitigate against various information-disclosure security issues.
This issue could have been caused by a change in the UEFI firmware settings, or because of malicious software on this system.”

lscpu output:
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 39 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 8
On-line CPU(s) list: 0-7
Vendor ID: GenuineIntel
Model name: Intel(R) Core™ i5-8265U CPU @ 1.60GHz
CPU family: 6
Model: 142
Thread(s) per core: 2
Core(s) per socket: 4
Socket(s): 1
Stepping: 12
CPU(s) scaling MHz: 91%
CPU max MHz: 1600.0000
CPU min MHz: 400.0000
BogoMIPS: 3600.00
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge m
ca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 s
s ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc
art arch_perfmon pebs bts rep_good nopl xtopology nons
top_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor
ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid
sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer a
es xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpu
id_fault epb ssbd ibrs ibpb stibp ibrs_enhanced tpr_sh
adow flexpriority ept vpid ept_ad fsgsbase tsc_adjust
sgx bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx sm
ap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves
dtherm ida arat pln pts hwp hwp_notify hwp_act_window
hwp_epp vnmi md_clear flush_l1d arch_capabilities
Virtualization features:
Virtualization: VT-x
Caches (sum of all):
L1d: 128 KiB (4 instances)
L1i: 128 KiB (4 instances)
L2: 1 MiB (4 instances)
L3: 6 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-7
Vulnerabilities:
Gather data sampling: Vulnerable
Ghostwrite: Not affected
Itlb multihit: KVM: Mitigation: Split huge pages
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Mitigation; Clear CPU buffers; SMT vulnerable
Reg file data sampling: Not affected
Retbleed: Mitigation; Enhanced IBRS
Spec rstack overflow: Not affected
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prct
l
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointe
r sanitization
Spectre v2: Mitigation; Enhanced / Automatic IBRS; IBPB conditiona
l; PBRSB-eIBRS SW sequence; BHI SW loop, KVM SW loop
Srbds: Mitigation; Microcode
Tsx async abort: Not affected

What I’ve Tried:

• apt update && upgrade
• apt dist-upgrade
• fwupdmgr refresh && update.
• Downloaded BIOS/UEFI updater from Lenovo’s website, but Ubuntu prompts that the version is older that what is currently installed.
• install --reinstall intel-microcode

Any help will be appreciated!