[SRU][B/J/K/OEM-5.14/OEM-5.17/OEM-6.0][PATCH v2 0/1] CVE-2023-0045

Yuxuan Luo yuxuan.luo at canonical.com
Thu Feb 9 20:10:31 UTC 2023


[Impact]
It was discovered that the Linux kernel fails to correctly mitigate
Spectre-BTI attacks, leaving the process exposed for a short period of time
after the syscall, which renders the victim vulnerable to values already
injected into the BTB prior to the prctl syscall.

[Backport]
It is a clean cherry-pick for all three affected kernels.

[Test]
Compile, boot, and run the PoC given by the discoverer:
https://github.com/es0j/CVE-2023-0045

[Potential Regression]
The risk of the potential regression should be fairly low and limited to the
specific file.

Rodrigo Branco (1):
  x86/bugs: Flush IBP in ib_prctl_set()

 arch/x86/kernel/cpu/bugs.c | 2 ++
 1 file changed, 2 insertions(+)

-- 
2.34.1
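
Added example, not part of the original message or of the kernel patch: how a task asks for the per-task indirect branch mitigation and reads back its state. It assumes the "prctl syscall" in [Impact] is PR_SET_SPECULATION_CTRL with PR_SPEC_INDIRECT_BRANCH, the request that ib_prctl_set() serves; the helper names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for old userspace headers; values from include/uapi/linux/prctl.h. */
#ifndef PR_SPEC_PRCTL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_NOT_AFFECTED 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Decode a PR_GET_SPECULATION_CTRL result. "DISABLE" refers to the
 * speculation feature, so DISABLE means the mitigation is on. */
const char *spec_state(long v)
{
    if (v < 0) return "prctl failed";
    if (v == PR_SPEC_NOT_AFFECTED) return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "force-mitigated";
    if (v & PR_SPEC_DISABLE) return "mitigated";
    if (v & PR_SPEC_ENABLE) return "mitigation off";
    return "unknown";
}

/* 1 if the calling task is allowed to change the setting itself. */
int spec_task_controllable(long v)
{
    return v > 0 && (v & PR_SPEC_PRCTL) && !(v & PR_SPEC_FORCE_DISABLE);
}

/* Turn the mitigation on for the calling task if it is off and controllable.
 * Returns the resulting state bits, or -1 on error. */
long harden_indirect_branch(void)
{
    long v = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    if (spec_task_controllable(v) && !(v & PR_SPEC_DISABLE)) {
        if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
                  PR_SPEC_DISABLE, 0, 0) != 0)
            return -1;
        v = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    }
    return v;
}

int main(void)
{
    long v = harden_indirect_branch();
    if (v < 0)
        printf("prctl: %s\n", strerror(errno));
    else
        printf("indirect branch speculation: %s\n", spec_state(v));
    return 0;
}
```

The state read back is identical on kernels with and without the fix, so this does not show whether the predictor was flushed when the setting changed; the running kernel version has to be checked against the fixed packages.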