The "special register buffer data sampling" hardware vulnerability

by
corbet
from LWN.net on (#54GQR)
We have not had a new CPU vulnerability for a little while - a situationthat was clearly too good to last. The mainline kernel has just mergedmitigations for the "special register buffer data sampling" vulnerabilitywhich, in short, allows an attacker to spy on the random numbers obtainedby others. In particular, the results of the RDRAND instructioncan be obtained via a speculative attack.

The mitigation involves more flushing and the serialization ofRDRAND. That means a RDRAND instruction will take longerto run, but it also means that RDRAND requires locking across thesystem, which will slow things considerably if it is executed frequently.There are ways to turn the mitigations off, of course. See this new kernel document for moreinformation.

These fixes are currently queued to be part of the5.7.2,5.6.18,5.4.46,4.19.128,4.14.1844.9.227,4.4.227, and3.16.85stable updates.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments