Usually, if you are susceptible to the SMT CPU vulnerability, the Linux kernel will automatically apply mitigations, but will not disable SMT, which would be equivalent to:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=auto"
mitigations=auto
is the default, so it's not usually included in that line.
If you're susceptible to the SMT CPU vulnerability, and you're paranoid about data exfiltration, you can disable SMT.
Open gedit as root:
sudo gedit
In gedit, open the file:
/etc/default/grub
Change:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
to:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=auto,nosmt"
Save the file and exit gedit, then issue:
sudo update-grub
Reboot:
sudo reboot
Then inspect the applied CPU vulnerability mitigations:
sudo lscpu
You will note that if you've got what Windows calls Hyper-Threading and a 4 core CPU, that 4 of your CPUs are now offline, and 4 are online.
I'm not sure if that means that half of your processor is now unusable, or if the system is now using the 4 cores as if they're full CPUs and it doesn't matter that those 4 CPUs are offline. Anyone know?