Article 6AV4M Linux Kernel Logic Allowed Spectre Attack on Major Cloud

Linux Kernel Logic Allowed Spectre Attack on Major Cloud

by
janrinok
from SoylentNews on (#6AV4M)

upstart writes:

Kernel 6.2 ditched a useful defense against ghostly chip design flaw:

The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.

On Thursday, Eduardo (sirdarckcat) Vela Nava, from Google's product security response team, disclosed a Spectre-related flaw in version 6.2 of the Linux kernel.

The bug, designated medium severity, was initially reported to cloud service providers - those most likely to be affected - on December 31, 2022, and was patched in Linux on February 27, 2023.

"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains. The consequence of that attack is potential information exposure (e.g., leaked private keys) through this pernicous problem.

The moniker Spectre [PDF] describes a set of vulnerabilities that abuse speculative execution, a processor performance optimization in which potential instructions are executed in advance to save time.

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments