Linux kernel on Intel systems is susceptible to Spectre v2 attacks 09 Apr 2024

ronjor · Apr 9, 2024

Original Release Date: 2024-04-09 | Last Revised: 2024-04-09

Overview
A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v2 branch history injection (BHI) are likely affected.
Click to expand...

An unauthenticated attacker can exploit this vulnerability to leak privileged memory from the CPU by speculatively jumping to a chosen gadget. Current research shows that existing mitigation techniques of disabling privileged eBPF and enabling (Fine)IBT are insufficient in stopping BHI exploitation against the kernel/hypervisor.
Click to expand...

Solution
Please update your software according to the recommendations from respective vendors with the latest mitigations available to address this vulnerability and its variants.
Click to expand...

BoerenkoolMetWorst · Apr 10, 2024

It seems Windows is vulnerable as well, it's in the April 2024 updates overview:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr
Note that the mitigation is disabled by default and needs to be enabled in the registry:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0001

Log in or Sign up

Linux kernel on Intel systems is susceptible to Spectre v2 attacks 09 Apr 2024

ronjor Global Moderator

BoerenkoolMetWorst Registered Member

Log in or Sign up

Linux kernel on Intel systems is susceptible to Spectre v2 attacks 09 Apr 2024

ronjor Global Moderator

BoerenkoolMetWorst Registered Member

Useful Searches