** Also affects: linux (Ubuntu Jammy)
   Importance: Undecided
       Status: Incomplete

** Changed in: linux (Ubuntu Jammy)
       Status: Incomplete => In Progress

** Changed in: linux (Ubuntu Jammy)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

** Changed in: linux (Ubuntu Jammy)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1967579

Title:
  harden indirect calls against BHI attacks

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Jammy:
  In Progress

Bug description:
  [Impact]
  Branch History Injection is made easier when all indirect calls are funneled
  through very few points where the retpolines were. By replacing the retpoline
  jumps by indirect calls whenever retpolines are disabled, BHI attacks are more
  difficult to execute as the BTB is not as fixed as before.

  [Fixes]
  Though there are fixes that allow retpoline,lfence to be directly replaced in
  the indirect calls, given that mitigation is not recommended for most of the
  situations, that hardening is not as important as the one that works for the
  spectre_v2=off option (the default one for systems with eIBRS). This latter one
  is present starting with 5.13, but backporting to 5.4 might be a good measure.
