Linux 5.19-rc8 still affected by Retbleed vulnerability but not far from fix
- An American company made 0.7nm chips: EUV lithography machines can’t do it
- CVE-2007-4559 Python vulnerability ignored for 15 years puts 350,000 projects at risk of code execution
- RISC-V only takes 12 years to achieve the milestone of 10 billion cores
- 14000 cores + 450W: RTX 4080 graphics card perfectly replaces the RTX 3080
- Big upgrade: The difference between Bluetooth 5.0 and 5.2
- Geeks Disappointed that RTX 4080/4090 doesn’t come with PCIe 5.0
- What are advantages and disadvantages of different load balancing?
Linux 5.19-rc8 still affected by Retbleed vulnerability but not far from fix.
While security mitigation efforts for CPU vulnerabilities are typically in good shape on vulnerability embargo days, Retbleed is an exception.
Nearly two weeks after Retbleed was made public, the Linux kernel patching work around it continues, with more patches arriving today ahead of Linux 5.19-rc8 to address the impact of the mitigation process.
The patch for Retbleed was a bit rough this time around, and many of the issues weren’t discovered until the speculative execution attack was made public and the patch was merged into the Linux kernel.
After the Retbleed patch landed on the Linux kernel on “Patch Tuesday,” Linux kernel continuous integration (CI) and builders across organizations began to discover some edge cases and different build/runtime issues from the mitigated code.
The problems arose thanks to developers being aware and able to view these kernel patches.
A number of follow-up fixes followed to address various issues with the Retbleed code, and today another round of Retbleed’s fallout is “repackaging” Linux 5.19-rc8, which is still in bad shape.
Nearly two weeks later, Retbleed’s mitigations are still not in the Linux stable series due to various issues. But with the slowdown in Retbleed fixes, it looks like the mitigations and all the fixes will soon debut in the currently supported stable/LTS series.
This morning, with the x86/urgent newsgroup list update for v5.19-rc8, the good news finally came, Borislav Petkov sent a message to Linus Torvalds saying:
Hi, Linus please pull a few more fallout fixes for retbleed. It looks like their urgency is diminishing, so it looks like we’ve managed to catch any vulnerabilities exposed by the limited-scale -rc tests.
Maybe we are preparing… 🙂
Some fixes to prevent returning thunks to patch unneeded LKDTM modules, avoid writing SPEC_CTRL MSRs on every kernel entry in the eIBRS section to enhance error output; protect EFI firmware calls by issuing IBPB on AMD CPUs, and make Retbleed mitigations Explicitly limited to x86_64 kernels.
As pointed out yesterday, the Retbleed mitigation does not work on x86 32-bit kernels, and key upstream developers have no interest in supporting this.
These are only functional fixes, but Retbleed still has a considerable impact on affected CPU models.
These Retbleed fixes and various other fixes will be part of the Linux 5.19-rc8 kernel coming later today. The Linux 5.19 stable release is expected next weekend.
- DIY a PBX (Phone System) on Raspberry Pi
- How to host multiple websites on Raspberry Pi 3/4?
- A Free Intercom/Paging system with Raspberry pi and old Android phones
- DIY project: How to use Raspberry Pi to build DNS server?
- Raspberry Pi project : How to use Raspberry Pi to build git server?