Linux KVM Gets Patched For New AMD Cross-Thread Return Address Predictions Bug
1 min read
Feb 15, 2023
CVE-2022-27672 is being made public today as the "Cross-Thread Return Address Predictions" bug affecting various AMD and Hygon processors. This vulnerability affects the SMT mode where one sibling thread transitions out of the C0 state and the other sibling thread could use return target predictions.
The good news is that the Linux kernel is already protected against the AMD Cross-Thread Return Address Predictions bug as part of its Spectre V2 mitigation. But the Linux Kernel-based Virtual Machine (KVM) for virtualization does require special handling now for this bug as otherwise could result in a VM guest-controlled return target being consumed by the sibling thread.
Patches were posted today to mitigate KVM for Linux 6.2, 6.1, and 5.15 LTS. Again, these kernel patches just affect KVM usage as using the standard Spectre V2 mitigations are good enough for just protecting the kernel itself. So for those not making use of KVM virtualization, there isn't much to be concerned about with today's CVE-2022-27672 disclosure.
The link for this article located at Phoronix is no longer available.
Related Articles
1 - 0 min read
xz-style Attacks Continue to Target Open-Source Maintainers
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Millions Of GitHub Repositories Infected With Malicious Code
1 - 0 min read
New GhostRace Attack Impacts Major CPU, Software Vendors
