Linux kernel logic allowed Spectre attack on 'major cloud provider'
"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains.
Shortly after The Register first reported on the scramble to fix the Meltdown and Spectre bugs, Intel published details about Indirect Branch Restricted Speculation (IBRS), a mechanism to restrict speculation of indirect branches, which tell processors to start executing instructions at a new location.
The bug hunters who identified the issue found that the defenses Linux userspace processes use against Spectre v2 didn't work on VMs of "at least one major cloud provider."
As the disclosure describes it, under basic IBRS, the 6.2 kernel had logic that opted out of STIBP, a defense against the sharing of branch prediction between logical processors on a core.
The Register understands that the issue arose from a misunderstanding of enhanced IBRS, which does not need STIBP to protect itself against another thread. The fix removed basic IBRS from the spectre_v2_in_ibrs_mode() check, in order to keep STIBP on by default.
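A host-side check for the combination described above (basic IBRS in use, hyperthreading active, no STIBP reported), as an added example that is not from the disclosure or The Register. It assumes the Linux sysfs files /sys/devices/system/cpu/vulnerabilities/spectre_v2 and /sys/devices/system/cpu/smt/active; the sample status lines and the verdict names are constructed for illustration.

```python
from pathlib import Path

# Linux sysfs locations (assumed present on x86 hosts; not named in the article).
SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
SMT_ACTIVE = Path("/sys/devices/system/cpu/smt/active")

# Constructed sample status lines, not captured from any real host.
SAMPLE_BASIC_NO_STIBP = "Mitigation: IBRS, IBPB: conditional, RSB filling"
SAMPLE_BASIC_STIBP = "Mitigation: IBRS, IBPB: conditional, STIBP: conditional, RSB filling"
SAMPLE_ENHANCED = "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling"


def parse_status(line):
    """Split a spectre_v2 status line into (mode, {field: value})."""
    parts = [p.strip() for p in line.strip().split(",")]
    head = parts[0]
    mode = head.split(":", 1)[1].strip() if head.startswith("Mitigation:") else head
    fields = {}
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        if sep:  # flag-only entries such as "RSB filling" carry no value
            fields[key.strip()] = value.strip()
    return mode, fields


def classify(line, smt_active):
    """Return a verdict name (hypothetical labels) for one host."""
    mode, fields = parse_status(line)
    if mode != "IBRS":
        # Enhanced IBRS, retpolines, etc.: not the basic-IBRS case in the article.
        return "not-basic-ibrs"
    if not smt_active:
        # No sibling hyperthread is running, so there is nothing for STIBP to isolate.
        return "no-sibling-thread"
    stibp = fields.get("STIBP")
    if stibp in (None, "disabled"):
        return "stibp-missing"  # basic IBRS + SMT with no STIBP: follow up
    return "stibp-" + stibp


if __name__ == "__main__":
    if SPECTRE_V2.exists():
        smt = SMT_ACTIVE.exists() and SMT_ACTIVE.read_text().strip() == "1"
        print("this host:", classify(SPECTRE_V2.read_text(), smt))
    else:
        for line in (SAMPLE_BASIC_NO_STIBP, SAMPLE_BASIC_STIBP, SAMPLE_ENHANCED):
            print(classify(line, True), "<-", line)
```

A "stibp-missing" verdict is a prompt to check the running kernel against the distribution's fix, not proof of exposure on its own.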
News URL
https://go.theregister.com/feed/www.theregister.com/2023/04/14/linux_kernel_spectre_flaw_fixed/