NACK: [SRU][B/J/K][PATCH 0/1] CVE-2023-0045

Yuxuan Luo yuxuan.luo at canonical.com
Thu Feb 9 20:07:20 UTC 2023


A v2 patch including OEM kernels is on the way.

On 2/9/23 12:54, Yuxuan Luo wrote:
> [Impact]
> It is discovered that the Linux kernel fails to correctly mitigate the
> Spectre-BTI attacks, leaving the process exposed for a short period of time
> after the syscall, which renders the victim vulnerable to values already
> injected on the BTB, prior to the prctl syscall.
>
> [Backport]
> It is a clean cherry-pick for all three affected kernels.
>
> [Test]
> Compile, boot, and run the PoC given by the discoverer:
> https://github.com/es0j/CVE-2023-0045
>
> [Potential Regression]
> The risk of the potential regression should be fairly low and limited to the
> specific file.
>
> Rodrigo Branco (1):
>    x86/bugs: Flush IBP in ib_prctl_set()
>
>   arch/x86/kernel/cpu/bugs.c | 2 ++
>   1 file changed, 2 insertions(+)
>


