1.Penguin Landscape

CVE-2022-27672 is being made public today as the "Cross-Thread Return Address Predictions" bug affecting various AMD and Hygon processors. This vulnerability affects the SMT mode where one sibling thread transitions out of the C0 state and the other sibling thread could use return target predictions.

The good news is that the Linux kernel is already protected against the AMD Cross-Thread Return Address Predictions bug as part of its Spectre V2 mitigation. But the Linux Kernel-based Virtual Machine (KVM) for virtualization does require special handling now for this bug as otherwise could result in a VM guest-controlled return target being consumed by the sibling thread.


Patches were posted today to mitigate KVM for Linux 6.2, 6.1, and 5.15 LTS. Again, these kernel patches just affect KVM usage as using the standard Spectre V2 mitigations are good enough for just protecting the kernel itself. So for those not making use of KVM virtualization, there isn't much to be concerned about with today's CVE-2022-27672 disclosure.