Linux kernel logic allowed Spectre attack on 'major cloud provider'
2023-04-14 06:27

"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains.

Shortly after The Register first reported on the scramble to fix the Meltdown and Spectre bugs, Intel published details about Indirect Branch Restricted Speculation, a mechanism to restrict speculation of indirect branches, which tell processors to start executing instructions at a new location.

The bug hunters who identified the issue found that the defenses Linux userspace processes use against Spectre v2 didn't work on VMs of "at least one major cloud provider."

As the disclosure describes it, under basic IBRS, the 6.2 kernel had logic that opted out of STIBP, a defense against the sharing of branch prediction between logical processors on a core.

The Register understands that the issue arose from a misunderstanding of enhanced IBRS, which does not need STIBP to protect itself against another thread. The fix removed basic IBRS from the spectre_v2_in_ibrs_mode() check, in order to keep STIBP on by default.
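A defender-side check for the condition described above, added here as an example (it is not code from The Register, the disclosure or the kernel project): it parses the spectre_v2 status line that Linux exposes in sysfs and flags basic IBRS running with SMT active and no STIBP. The sample status lines in the test are constructed, and the comma-separated field layout is an assumption based on how recent x86 kernels format that file.

```python
from pathlib import Path

# Real sysfs paths on x86 Linux; the field layout parsed below is an assumption.
SYSFS_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
SYSFS_SMT = Path("/sys/devices/system/cpu/smt/active")


def parse_spectre_v2(line):
    """Split the status line into (mitigation, {field: value})."""
    parts = [p.strip() for p in line.strip().split(",")]
    mitigation = parts[0].removeprefix("Mitigation:").strip()
    fields = {}
    for part in parts[1:]:
        key, _, value = part.partition(":")
        fields[key.strip()] = value.strip()
    return mitigation, fields


def stibp_status(line, smt_active):
    """Classify a host with respect to the basic-IBRS / STIBP issue."""
    mitigation, fields = parse_spectre_v2(line)
    if not smt_active:
        # No sibling hyperthread shares the core's branch predictor.
        return "not-applicable"
    if mitigation.startswith("Enhanced"):
        # Per the article, enhanced IBRS does not need STIBP.
        return "eibrs"
    stibp = fields.get("STIBP")
    if mitigation == "IBRS" and stibp in (None, "disabled"):
        # Basic IBRS with no STIBP reported: the state the fix addresses.
        return "gap"
    return f"stibp={stibp or 'unreported'}"


if __name__ == "__main__":
    if SYSFS_V2.exists():
        smt = SYSFS_SMT.exists() and SYSFS_SMT.read_text().strip() == "1"
        status_line = SYSFS_V2.read_text()
        print(status_line.strip())
        print("SMT active:", smt, "->", stibp_status(status_line, smt))
    else:
        print("spectre_v2 status not exposed on this host")
```

A result of "gap" means the kernel and its mitigation mode should be reviewed against the fix; it is not proof that a process was attacked.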


News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/14/linux_kernel_spectre_flaw_fixed/

Related vendor

LAST 12M
VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Linux    11           64    2312     1489   67         3932
Kernel   3            0     8        4      1          13