Retbleed, a recently discovered Spectre-like microprocessor flaw that affected both AMD and Intel devices, has been fixed on Linux (opens in new tab), OS boss Linus Torvalds has confirmed.
As reported by The Register, Torvalds published a blog post (opens in new tab) detailing the work, saying that the fix wasn’t that easy to build, and that the team will have to push the release of the next patch by at least a week.
"When we've had one of those embargoed [hardware] issues pending, the patches didn't get the open development, and then as a result missed all the usual sanity checking by all the automation build and test infrastructure we have," Torvalds wrote.
"So no surprise – there's been various small fixup patches afterwards too for some corner cases."
Last week, two researchers from ETH Zurich discovered the flaw, saying it allowed potential threat actors access to kernel memory of an endpoint (opens in new tab), which essentially means access to sensitive data such as passwords, and similar. The flaw is particularly risky in cloud environments, the researchers further said, where multiple companies share the same systems. In other words, one vulnerability could expose the secrets of multiple companies.
Similarly to Spectre and Meltdown, flaws that shook the very foundation of the computing world four years ago, the patch for Retbleed will inevitably slo the processors down.
But Retbleed is just one of the reasons for the delay in the distribution of the patch, Torvalds further explained.
> > Keeping your CPU safe from Spectre imposes serious performance penalty (opens in new tab)
> Spectre returns - Intel and ARM-based CPUs hit by serious vulnerability (opens in new tab)
> These are the best antivirus tools right now (opens in new tab)
"Last week there were two other development trees that independently also asked for an extension, so 5.19 will be one of those releases that have an additional rc8 next weekend before the final release," Torvalds said.
"When it rains it pours," he added. "Not that things really look all that bad. I think we've got the Retbleed fallout all handled (knock wood)."
The two things developers were working on include the btrfs filesystem, and the firmware for controllers for Intel GPUs. These issues did not create any particular complications, Torvalds concluded, adding “it's not like we have any huge issues, but an extra week is most definitely called for."
- Here's our take on the best identity management software (opens in new tab) right now
Via: The Register (opens in new tab)