More patch woes other than Spectre on the way

Chat about just about anything else
Post Reply
User avatar
catweazel
Level 14
Level 14
Posts: 5473
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

More patch woes other than Spectre on the way

Post by catweazel » Tue May 15, 2018 1:39 am

https://www.itnews.com.au/news/misunder ... -os-490661

Emergency patches appear from all vendors.

Almost every modern operating system contains a vulnerability caused by developers misunderstanding how Intel and AMD processors handle low-level instructions, which can be exploited to crash computers or to read sensitive data in memory.

The flaw was documented [pdf] by researchers Nick Peterson and Nemanja Mulasmajic and security vendor Everdox, with help from Linux kernel developer Andy Lutomirski and the Xen hypervisor project's Andrew Cooper.

It involves the assembly code POP SS and MOV SS instructions being executed, followed immediately by a software generated interrupt or SYSCALL, which triggers a hardware debug exception running at the highest level kernel privilege with full access to all parts of the computer.


Quoted from the URL above
A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it. - Max Planck

User avatar
karlchen
Level 18
Level 18
Posts: 8778
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: More patch woes other than Spectre on the way

Post by karlchen » Tue May 15, 2018 8:16 am

Hi, catweazel.

Good news on this nasty bug:
Kernel patches 3.13.0-147 (Mint 17.x), 4.4.0-124 (Mint 17.x, Mint 18.x) and 4.13.0-41 (Mint 18.x) have already been pushed out through the Ubuntu repositories.
They correct the reported vulnerability. Cf.: USN-3641-1: Linux kernel vulnerabilities

The Ubuntu page does not mention kernel 4.15.0-20 (or higher). So, either this kernel did not exhibit the problem from the start, or its update is still pending.

Cheers,
Karl
Image
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

Post Reply

Return to “Open chat”