This merge adds the kernel-side bits around mitigating AMD’s Speculative Return Address Stack (RAS) overflow vulnerability for Zen 3 and Zen 4. See this earlier article for details on this AMD INCEPTION disclosure.

Linus also merged the kernel changes around Intel Gather Data Sampling (GDS) / DOWNFALL. See the Intel DOWNFALL vulnerability overview for details on that issue affecting Skylake through Ice Lake / Tigerlake processors.

These security patches are now in Linux Git for the Linux 6.5 kernel while they should also be back-ported to the Linux stable series over the next few days.

Update: Six New Stable Linux Kernel Updates For Intel DOWNFALL & AMD INCEPTION

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    This is the best summary I could come up with:


    There used to be a time when Patch Tuesday wasn’t so busy in the Linux space, but certainly not this month… Linus Torvalds just pushed the kernel code changes around AMD INCEPTION and Intel DOWNFALL as well as other security patches.

    This merge adds the kernel-side bits around mitigating AMD’s Speculative Return Address Stack (RAS) overflow vulnerability for Zen 3 and Zen 4.

    "Add a mitigation for the speculative RAS (Return Address Stack) overflow vulnerability on AMD processors.

    In short, this is yet another issue where userspace poisons a microarchitectural structure which can then be used to leak privileged information through a side channel" Linus also merged the kernel changes around Intel Gather Data Sampling (GDS) / DOWNFALL.

    See the Intel DOWNFALL vulnerability overview for details on that issue affecting Skylake through Ice Lake / Tigerlake processors.

    Both the separate AMD and Intel processors need microcode updates that should be pushed out any minute.


    I’m a bot and I’m open source!