Thought you'd fixed those Linux Spectre issues? Guess again, and AMD users need to be especially on their toes
2020-06-09 19:39

In three posts marked urgent to the Linux kernel mailing list on Tuesday, Anthony Steinhauser points out problems with countermeasures put in place to block Spectre vulnerabilities in modern Intel and AMD x86 microprocessors that perform speculative execution.

The Spectre family of flaws involves making a target system speculate - perform an operation it may not need - in order to expose confidential data so an attacker can obtain it through an unprotected side channel.

"If the victim runs after the attacker the victim becomes vulnerable to Spectre V4."

Linux will also force-disable a Spectre mitigation called Indirect Branch Prediction Barrier - a defense against Branch Target Buffer attacks from Spectre V2 - in certain situations, specifically when STIBP is not available or when Indirect Branch Restricted Speculation is available.

This could make AMD-powered computers running Linux vulnerable since the manufacturer advises using IBPB rather than IBRS or STIBP to defend against Spectre V2. Finally, Steinhauser points out that settings for disabling indirect branch speculation don't work.
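
To check whether a host is affected by the IBPB force-disable described above, an administrator can read the Spectre V2 status line the kernel exposes in sysfs. The script below is an added example, not code from the article or the kernel patches; the function names are hypothetical and the status strings in the comments are constructed samples in the format the kernel reports.

```shell
#!/bin/sh
# Added example: report whether the kernel says IBPB is active for Spectre V2.
# Reads the standard sysfs status file; helper names are hypothetical.

SYSFS=/sys/devices/system/cpu/vulnerabilities

# field_state "<status line>" "<FIELD>"
# Prints the state the kernel lists for FIELD (e.g. IBPB, STIBP), or "absent"
# when the field is missing. Handles both "," and ";" separators, since the
# separator differs between kernel versions.
field_state() {
    state=$(printf '%s\n' "$1" | tr ',;' '\n\n' | sed -n "s/^ *$2: *//p" | head -n 1)
    printf '%s\n' "${state:-absent}"
}

# audit_v2 "<status line>"
# Prints "OK: ..." when IBPB is reported active, "WARN: ..." otherwise.
# Constructed sample input:
#   Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
audit_v2() {
    case $1 in
        "Not affected"*) echo "OK: CPU not affected"; return ;;
        Vulnerable*)     echo "WARN: spectre_v2 reported vulnerable"; return ;;
    esac
    ibpb=$(field_state "$1" IBPB)
    stibp=$(field_state "$1" STIBP)
    case $ibpb in
        # "disabled": CPU has IBPB but the kernel is not issuing it.
        # "absent":   the kernel lists no IBPB state at all.
        absent|disabled) echo "WARN: IBPB $ibpb (STIBP $stibp)" ;;
        *)               echo "OK: IBPB $ibpb (STIBP $stibp)" ;;
    esac
}

# On a Linux host, audit the live status line.
if [ -r "$SYSFS/spectre_v2" ]; then
    audit_v2 "$(cat "$SYSFS/spectre_v2")"
fi
```

A WARN on an AMD machine means the kernel is not applying the IBPB barrier that the manufacturer recommends for Spectre V2.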


News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/09/linux_bugs_spectre/

Related vendor

VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Linux    18           360   1428     1125   695        3608
AMD      746          28    115      79     22         244