The "Retbleed" speculative execution vulnerabilities
Some researchers at ETH Zurich have disclosed a new set of speculative-execution vulnerabilities known as "Retbleed". In short, the retpoline defenses added when Spectre was initially disclosed turn out to be insufficient on x86 machines because return instructions, too, can be speculatively executed.
Kernel and hypervisor developers have developed mitigations in coordination with Intel and AMD. Mitigating Retbleed in the Linux kernel required a substantial effort, involving changes to 68 files, 1783 new lines and 387 removed lines. Our performance evaluation shows that mitigating Retbleed has unfortunately turned out to be expensive: we have measured between 14% and 39% overhead with the AMD and Intel patches respectively.
Those mitigations were pulled into the mainline kernel today. They are not in the July 12 stable kernel updates but will almost certainly show up in those channels soon.