Researchers from the Google Product Security Response Team discovered a vulnerability in the Linux 6.2 kernel that could have enabled a Spectre attack. The vulnerability has since been patched.
The researchers discovered that a vulnerability in the Linux 6.2 kernel could have allowed malicious parties to carry out a so-called Spectrev2 attack. Spectrev2 is a variant of the well-known Spectre vulnerability that enables side-channel attacks against processors, allowing sensitive data to be leaked without detection.
According to the researchers, the kernel was unable to protect applications against Spectrev2 due to the vulnerability. This made them vulnerable to other processes running on the same physical processor core in a different hyperthread, potentially allowing private data, such as keys, to be exposed.
The problem lay in Indirect Branch Restricted Speculation (IBRS), an Intel mechanism that restricts speculative execution following indirect branches, that is, jumps whose target address is computed at run time rather than fixed in the instruction. The vulnerability only occurs when so-called ‘plain’ IBRS is used, not ‘enhanced’ IBRS.
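As an added example (not from the article or from the Google researchers), the POSIX shell check below reads the Spectre v2 status string the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/spectre_v2 and reports whether a host relies on plain IBRS, the mode this report concerns, on enhanced IBRS, or on another mitigation; the sample strings are constructed in the sysfs format, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the article: classify the kernel's reported
# Spectre v2 mitigation so an operator can spot hosts running on plain IBRS.
# Input is the one-line status string Linux exposes in sysfs.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS -> prints one of:
#   not-affected | vulnerable | plain-ibrs | enhanced-ibrs | other-mitigation | unknown
classify_spectre_v2() {
    status=$1
    case "$status" in
        "Not affected"*)                         echo not-affected ;;
        Vulnerable*)                             echo vulnerable ;;
        # Enhanced / Automatic IBRS is matched before the plain pattern because
        # its string also contains "IBRS".
        "Mitigation: Enhanced"*)                 echo enhanced-ibrs ;;
        # Plain IBRS is the primary mitigation named right after the colon.
        # "IBRS_FW" inside a retpoline line is a firmware-call-only setting and
        # deliberately falls through to other-mitigation.
        "Mitigation: IBRS"|"Mitigation: IBRS,"*) echo plain-ibrs ;;
        Mitigation:*)                            echo other-mitigation ;;
        *)                                       echo unknown ;;
    esac
}

# report_host classifies the live sysfs value; "unknown" when the file is absent.
report_host() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        status=$(cat "$SPECTRE_V2_SYSFS")
    else
        status=""
    fi
    printf '%s\t%s\n' "$(classify_spectre_v2 "$status")" "$status"
}

# Constructed sample strings in the sysfs format (not captured from a real host).
for s in "Mitigation: IBRS, IBPB: conditional, STIBP: conditional, RSB filling" \
         "Mitigation: Enhanced / Automatic IBRS, IBPB: conditional, RSB filling" \
         "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional"; do
    printf '%-16s <- %s\n' "$(classify_spectre_v2 "$s")" "$s"
done
```

A plain-ibrs result only identifies hosts in the affected configuration; whether the kernel carries the fix depends on the build, which this check does not inspect.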
The investigation also shows that the problem was present on the virtual machines of a major cloud provider. The discovered vulnerability is therefore seen as an important issue for cloud providers.
The researchers first encountered the vulnerability on December 31, 2022. The Linux kernel developers patched it in Linux 6.2 at the end of February.