Subj : The "branch history injection" hardware vulnerability
To   : All
From : LWN.net
Date : Tue Apr 09 2024 20:30:06

The "branch history injection" hardware vulnerability

Date:
Tue, 09 Apr 2024 19:22:50 +0000

Description:
The mainline kernel has just received a set of commits mitigating the
latest x86 hardware vulnerability, known as "branch history injection".
From this commit : Branch History Injection (BHI) attacks may allow a 
malicious
	application to influence indirect branch prediction in kernel by
	poisoning the branch history. eIBRS isolates indirect branch
	targets in ring0.  The BHB can still influence the choice of
	indirect branch predictor entry, and although branch predictor
	entries are isolated between modes when eIBRS is enabled, the BHB
	itself is not isolated between modes. See this commit for
documentation on the command-line parameter that controls this mitigation.
There are stable kernel releases ( 6.8.5 , 6.6.26 , 6.1.85 ,
and 5.15.154 )
in the works that also contain the mitigations.

======================================================================
Link to news story:
https://lwn.net/Articles/969210/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.