*** This bug is a security vulnerability ***
Public security bug reported:
[Impact]
Branch History Injection is made easier when all indirect calls are funneled
through very few points where the retpolines were. By replacing the retpoline
jumps with indirect calls whenever retpolines are disabled, BHI attacks are more
difficult to execute, as the BTB is not as fixed as before.
[Fixes]
Though there are fixes that allow retpoline,lfence to be directly replaced in
the indirect calls, given that that mitigation is not recommended for most
situations, that hardening is not as important as the one that works for the
spectre_v2=off option (the default one for systems with eIBRS). The latter one
is present starting with 5.13, but backporting it to 5.4 might be a good measure.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1967579
Title:
harden indirect calls against BHI attacks
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
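The mechanism the report refers to, shown as an added user-space model (this is not the kernel patch, Ubuntu's code, or the reporter's): with retpolines on, every `call *%rax` site is turned into a direct call to one shared thunk, so all indirect control flow leaves through that thunk's single `ret`; with retpolines off, each site keeps its own `call *%rax`. The thunk below is modelled on the kernel's `__x86_indirect_thunk_rax` but renamed, the op table and function names are chosen here, and the code assumes x86-64 Linux with GCC or Clang (on other targets it degrades to a plain C call).

```c
/* Added illustration, not the kernel's code: the two shapes an x86-64
 * indirect call can take, a retpoline thunk versus a plain `call *%rax`.
 * Assumes GCC/Clang on x86-64 Linux; elsewhere it falls back to C calls. */
#include <stddef.h>
#include <stdio.h>

typedef int (*op_fn)(int);

#if defined(__x86_64__)
/* Classic retpoline thunk (modelled on __x86_indirect_thunk_rax, renamed).
 * `call 1f` pushes the address of the speculation trap at 2:, which is then
 * overwritten with the real target held in %rax, so `ret` jumps to it.  */
__asm__(
    ".text\n"
    ".globl retpoline_thunk_rax\n"
    ".type retpoline_thunk_rax, @function\n"
    "retpoline_thunk_rax:\n"
    "    call 1f\n"
    "2:  pause\n"
    "    lfence\n"
    "    jmp 2b\n"
    "1:  mov %rax, (%rsp)\n"
    "    ret\n"
    ".size retpoline_thunk_rax, .-retpoline_thunk_rax\n");

/* Call fn(arg) through the shared thunk.  The 128-byte adjustment keeps
 * our `call` clear of the red zone the compiler may be using here.       */
static int call_via_retpoline(op_fn fn, int arg)
{
    register long rax __asm__("rax") = (long)fn;
    register long rdi __asm__("rdi") = arg;
    __asm__ volatile("sub $128, %%rsp\n\t"
                     "call retpoline_thunk_rax\n\t"
                     "add $128, %%rsp"
                     : "+r"(rax), "+r"(rdi)
                     :
                     : "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11",
                       "memory", "cc");
    return (int)rax;
}

/* Call fn(arg) with a plain indirect call: what each site gets once
 * retpolines are disabled, so the BTB sees one target per site.         */
static int call_direct_indirect(op_fn fn, int arg)
{
    register long rax __asm__("rax") = (long)fn;
    register long rdi __asm__("rdi") = arg;
    __asm__ volatile("sub $128, %%rsp\n\t"
                     "call *%%rax\n\t"
                     "add $128, %%rsp"
                     : "+r"(rax), "+r"(rdi)
                     :
                     : "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11",
                       "memory", "cc");
    return (int)rax;
}
#else
/* Non-x86-64 fallback so the file still builds: no thunk to show here. */
static int call_via_retpoline(op_fn fn, int arg) { return fn(arg); }
static int call_direct_indirect(op_fn fn, int arg) { return fn(arg); }
#endif

/* Constructed indirect-call targets standing in for a kernel ops table. */
static int op_double(int x) { return 2 * x; }
static int op_square(int x) { return x * x; }
static int op_negate(int x) { return -x; }

static const op_fn ops[] = { op_double, op_square, op_negate };

int dispatch_retpoline(size_t op, int x) { return call_via_retpoline(ops[op], x); }
int dispatch_plain(size_t op, int x)     { return call_direct_indirect(ops[op], x); }

/* Run every table entry through both paths; returns 1 when all results
 * agree, i.e. the thunk is a transparent drop-in for `call *%rax`.       */
int dispatch_paths_agree(int x)
{
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++)
        if (call_via_retpoline(ops[i], x) != call_direct_indirect(ops[i], x))
            return 0;
    return 1;
}

int main(void)
{
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++)
        printf("op %zu: retpoline=%d plain=%d\n", i,
               dispatch_retpoline(i, 7), dispatch_plain(i, 7));
    printf("paths agree: %d\n", dispatch_paths_agree(13));
    return 0;
}
```

The model only shows the control-flow shape; it cannot observe BTB training, and a user-space `ret`-based thunk would be flagged by a shadow stack if one were enforced. On a running Ubuntu kernel, which of the two shapes is in use is reported by the mitigation string in /sys/devices/system/cpu/vulnerabilities/spectre_v2.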