Security News > 2023 > April > Linux kernel logic allowed Spectre attack on 'major cloud provider'
"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains.
Linux kernel 6.0 debuts, Linus Torvalds teases 'core new things' coming in version 6.1 Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant Apple gets lawsuit over Meltdown and Spectre dismissed Boffins release tool to decrypt Intel microcode.
Shortly after The Register first reported on the scramble to fix the Meltdown and Spectre bugs, Intel published details about Indirect Branch Restricted Speculation, a mechanism to restrict speculation of indirect branches, which tell processors to start executing instructions at a new location.
The bug hunters who identified the issue found that Linux userspace processes to defend against Spectre v2 didn't work on VMs of "At least one major cloud provider."
As the disclosure describes it, under basic IBRS, the 6.2 kernel had logic that opted out of STIBP, a defense against the sharing of branch prediction between logical processors on a core.
The Register understands that the issue arose from a misunderstanding of enhanced IBRS, which does not need STIBP to protect itself against another thread. The fix removed basic IBRS from the spectre v2 in ibrs mode() check, in order to keep STIBP on by default.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/04/14/linux_kernel_spectre_flaw_fixed/
Related news
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)