This merge adds the kernel-side bits around mitigating AMD’s Speculative Return Address Stack (RAS) overflow vulnerability for Zen 3 and Zen 4. See this earlier article for details on this AMD INCEPTION disclosure.

Linus also merged the kernel changes around Intel Gather Data Sampling (GDS) / DOWNFALL. See the Intel DOWNFALL vulnerability overview for details on that issue affecting Skylake through Ice Lake / Tigerlake processors.

These security patches are now in Linux Git for the Linux 6.5 kernel and should also be back-ported to the Linux stable series over the next few days.

Update: Six New Stable Linux Kernel Updates For Intel DOWNFALL & AMD INCEPTION
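
To confirm that a host has picked up these fixes, read the per-issue status the kernel exposes under sysfs. The script below is an added example, not part of the original article or the kernel tree; it assumes the `spec_rstack_overflow` and `gather_data_sampling` entries in `/sys/devices/system/cpu/vulnerabilities`, and the function names `classify_status` and `report_cpu_vulns` are made up here.

```shell
#!/bin/sh
# Added example: summarise the kernel-reported status of AMD INCEPTION (SRSO)
# and Intel DOWNFALL (GDS). Pass a directory as $1 to test against sample files.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status line to: ok | needs-microcode | vulnerable | unknown
classify_status() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        # Checked first on purpose: flag missing microcode even when a
        # software mitigation is reported as active (conservative choice).
        *"no microcode"*)  echo needs-microcode ;;
        "not affected"*)   echo ok ;;
        mitigation:*)      echo ok ;;
        vulnerable*)       echo vulnerable ;;
        *)                 echo unknown ;;   # e.g. status depends on the hypervisor
    esac
}

# Print one line per issue; return 1 if anything is not fully mitigated.
report_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for name in spec_rstack_overflow gather_data_sampling; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
            class=$(classify_status "$status")
        else
            # No sysfs entry means the running kernel lacks the mitigation patch.
            status="(file absent: kernel predates this mitigation)"
            class=unpatched-kernel
        fi
        [ "$class" = ok ] || rc=1
        printf '%-22s %-16s %s\n' "$name" "$class" "$status"
    done
    return $rc
}

report_cpu_vulns "${1:-}" || echo "=> kernel or microcode update still required"
```

A `needs-microcode` result means the kernel side is present but the CPU firmware update the article mentions has not been loaded yet.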

  • AutoTL;DR@lemmings.worldB
    1 year ago

    This is the best summary I could come up with:


    There used to be a time when Patch Tuesday wasn’t so busy in the Linux space, but certainly not this month… Linus Torvalds just pushed the kernel code changes around AMD INCEPTION and Intel DOWNFALL as well as other security patches.

    This merge adds the kernel-side bits around mitigating AMD’s Speculative Return Address Stack (RAS) overflow vulnerability for Zen 3 and Zen 4.

    "Add a mitigation for the speculative RAS (Return Address Stack) overflow vulnerability on AMD processors.

    In short, this is yet another issue where userspace poisons a microarchitectural structure which can then be used to leak privileged information through a side channel"

    Linus also merged the kernel changes around Intel Gather Data Sampling (GDS) / DOWNFALL.

    See the Intel DOWNFALL vulnerability overview for details on that issue affecting Skylake through Ice Lake / Tigerlake processors.

    Both the separate AMD and Intel processors need microcode updates that should be pushed out any minute.


    I’m a bot and I’m open source!

  • pnutzh4x0rOPA
    1 year ago

    Here is the Downfall writeup, which includes videos of extracting information in various situations.

    [A] GDS is highly practical. It took me 2 weeks to develop an end-to-end attack stealing encryption keys from OpenSSL. It only requires the attacker and victim to share the same physical processor core, which frequently happens on modern-day computers, implementing preemptive multitasking and simultaneous multithreading.

    [A] In addition to normal isolation boundaries e.g., virtual machines, processes, user-kernel isolation, Intel SGX is also affected. Intel SGX is a hardware security feature available on Intel CPUs to protect user’s data against all forms of malicious software.