Latest Post

Google issues security alert for Samsung Smart Phones BYD released smart watch with keyless function for BYD vehicles

Linux 5.19-rc8 still affected by Retbleed vulnerability but not far from fix

Linux 5.19-rc8 still affected by Retbleed vulnerability but not far from fix.

While security mitigation efforts for CPU vulnerabilities are typically in good shape on vulnerability embargo days, Retbleed is an exception.

Nearly two weeks after Retbleed was made public, the Linux kernel patching work around it continues, with more patches arriving today ahead of Linux 5.19-rc8 to address the impact of the mitigation process.

The patch for Retbleed was a bit rough this time around, and many of the issues weren’t discovered until the speculative execution attack was made public and the patch was merged into the Linux kernel.

After the Retbleed patch landed on the Linux kernel on “Patch Tuesday,” Linux kernel continuous integration (CI) and builders across organizations began to discover some edge cases and different build/runtime issues from the mitigated code.

The problems arose thanks to developers being aware and able to view these kernel patches.

A number of follow-up fixes followed to address various issues with the Retbleed code, and today another round of Retbleed’s fallout is “repackaging” Linux 5.19-rc8, which is still in bad shape.

Nearly two weeks later, Retbleed’s mitigations are still not in the Linux stable series due to various issues. But with the slowdown in Retbleed fixes, it looks like the mitigations and all the fixes will soon debut in the currently supported stable/LTS series.

This morning, with the x86/urgent newsgroup list update for v5.19-rc8, the good news finally came, Borislav Petkov sent a message to Linus Torvalds saying:

Hi, Linus please pull a few more fallout fixes for retbleed. It looks like their urgency is diminishing, so it looks like we’ve managed to catch any vulnerabilities exposed by the limited-scale -rc tests.

Maybe we are preparing… 🙂

Linux 5.19-rc8 still affected by Retbleed vulnerability but not far from fix

Some fixes to prevent returning thunks to patch unneeded LKDTM modules, avoid writing SPEC_CTRL MSRs on every kernel entry in the eIBRS section to enhance error output; protect EFI firmware calls by issuing IBPB on AMD CPUs, and make Retbleed mitigations Explicitly limited to x86_64 kernels.

As pointed out yesterday, the Retbleed mitigation does not work on x86 32-bit kernels, and key upstream developers have no interest in supporting this.

These are only functional fixes, but Retbleed still has a considerable impact on affected CPU models.

These Retbleed fixes and various other fixes will be part of the Linux 5.19-rc8 kernel coming later today. The Linux 5.19 stable release is expected next weekend.