New #SpectreV2 attack impacts #Linux systems on #Intel #CPU
Researchers have demonstrated the "first native #Spectre v2 #exploit" for a new #speculativeexecution side-channel flaw that impacts Linux systems running on many modern Intel processors.
Current mitigations are designed around isolating exploitable gadgets to remove the attack surface. Researchers, through a custom 'InSpectre Gadget' analysis tool, demonstrated that exploitable gadgets in the Linux kernel remain.
https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/

Just merged into #Linux mainline [edit: and various newly released stable/longterm #kernel like 6.1.12]:

```Certain #AMD processors are vulnerable to a cross-thread return address predictions bug. […] #SpectreV2 […] These patches introduce a KVM module parameter that, if set, will prevent the user from disabling the HLT, MWAIT and CSTATE exits```

Merge: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82eac0c830b7d917bd2a8806eb6ed21ef1e0f84e

Docs: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=493a2c2d23ca91afba96ac32b6cbafb54382c2a3

CVE-2022-27672 – Cross-Thread Return Address Predictions: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27672

Patch day: AMD, Intel and Lenovo have to plug security leaks

The processor manufacturers AMD and Intel are closing several security vulnerabilities in November. Lenovo is fixing security-relevant bugs in BIOS and software.

heise online
#Linux #kernel 4.19.7 and 4.14.86 are under review now. They contain patches recently merged to mainline (see below thread for details) that improve #spectrev2 protection without the big performance impact an earlier attempt had.
lore.kernel.org/lkml/201812041… https://lore.kernel.org/lkml/[email protected]/
lore.kernel.org/lkml/201812041… https://lore.kernel.org/lkml/[email protected]/

♲ @Thorsten 'the Linux kernel logger' Leemhuis(6/6) ([email protected]): The (in)famous #kernel performance regression in #Linux mainline/4.20-rc got fixed, as Linus merged the patch series that reworks the #STIBP stuff that helps mitigate #spectre v2. It's CCed stable and thus will show up in stable & longterm kernels, too. git.kernel.org/torvalds/c/4b7… https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4b78317679c4f3782a3cff0ddb269c1fcfde7621
