Retbleed on Linux: Kernel 5.19-RC7 closes CPU vulnerabilities

Retbleed unter Linux: Kernel 5.19-RC7 schließt CPU-Schwachstellen

Initiator and lead developer Linus Torvalds has an upcoming release candidate for the upcoming Linux kernel 5.19 with a patch against the Retbleed vulnerability, which can exploit Specter and Specter-V2 vulnerabilities discovered in 2017 in AMD and Intel CPUs, which are still widely spread , now released.

RC7 is not the latest release candidate

Torvalds announced that Linux 5.19-RC7 will be followed by Linux 5.19-RC8. In announcing the official release of the free Linux 5.19-RC7 kernel, Linus Torvalds made it clear that Linux 5.19 will not be released after the seventh release candidate like most kernels before.

However, two other development trees in the past week have also independently requested an extension, so 5.19 will be one of those releases with an extra rc8 next weekend before the final release.

Linus Torvalds

RC8 due to Retbleed firmware and Intel

One reason for the unscheduled plug-in release is the latest vulnerability in the Retbleed processor, which is found in CPUs based on AMD’s Zen 1, Zen 1+, and Zen 2 as well as Intel’s 6th-8th generation with intelligent setup of return commands can be exploited.

Retbleed loopholes
  • AMD: CVE-2022-29900
  • Intel: CVE-2022-29901

Linux 5.19-RC7 and the upcoming 8th candidate are already protected against Retbleed, but due to this extra work there was also an issue with Intel’s firmware for Alder Lake hybrid CPUs and a patch pulled out for the Btrfs file system, which Torvalds did little about happiness attest.

We had some btrfs returns at the last minute and there is also a hanging issue with the Intel GPU firmware.

When something hits you, it can get worse.

Linus Torvalds

Linux 5.19 will be released on July 31

After Linux 5.19-RC8, the next candidate and this time the final release, is due next week, the final release of Linux 5.19 is scheduled for July 31 – Linus Torvalds is also finally forgiving.

Not that things really look that bad. I think we’ve got the stuttering fall dealt with (hitting the wood), and the btrfs back in place. And it looks like the Intel GPU firmware issue has a patch pending as well (or we’ll just be back).

So it’s not like we’ve had any major issues, but we’re definitely asking for an extra week.

Linus Torvalds

The official paper (PDF) by Swiss security researchers from ETH Zurich provides more information on the topic of “Retbleed”.

See also  Smartphone makers are considering ditching phone chargers and headphones

Leave a Reply

Your email address will not be published.