More patch woes other than Spectre on the way

Chat about just about anything else
Post Reply
User avatar
Level 17
Level 17
Posts: 7791
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

More patch woes other than Spectre on the way

Post by catweazel » Tue May 15, 2018 1:39 am ... -os-490661

Emergency patches appear from all vendors.

Almost every modern operating system contains a vulnerability caused by developers misunderstanding how Intel and AMD processors handle low-level instructions, which can be exploited to crash computers or to read sensitive data in memory.

The flaw was documented [pdf] by researchers Nick Peterson and Nemanja Mulasmajic and security vendor Everdox, with help from Linux kernel developer Andy Lutomirski and the Xen hypervisor project's Andrew Cooper.

It involves the assembly code POP SS and MOV SS instructions being executed, followed immediately by a software generated interrupt or SYSCALL, which triggers a hardware debug exception running at the highest level kernel privilege with full access to all parts of the computer.

Quoted from the URL above
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

User avatar
Level 19
Level 19
Posts: 9690
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: More patch woes other than Spectre on the way

Post by karlchen » Tue May 15, 2018 8:16 am

Hi, catweazel.

Good news on this nasty bug:
Kernel patches 3.13.0-147 (Mint 17.x), 4.4.0-124 (Mint 17.x, Mint 18.x) and 4.13.0-41 (Mint 18.x) have already been pushed out through the Ubuntu repositories.
They correct the reported vulnerability. Cf.: USN-3641-1: Linux kernel vulnerabilities

The Ubuntu page does not mention kernel 4.15.0-20 (or higher). So, either this kernel did not exhibit the problem from the start, or its update is still pending.

Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.21a 64-bit
Ubuntu 18.04.1 32-bit Mate Desktop, Total Commander 9.21a 32-bit
Windows? - 1 window in every room

Post Reply

Return to “Open chat”