https://www.itnews.com.au/news/misunder ... -os-490661
Emergency patches appear from all vendors.
Almost every modern operating system contains a vulnerability caused by developers misunderstanding how Intel and AMD processors handle low-level instructions, which can be exploited to crash computers or to read sensitive data in memory.
The flaw was documented [pdf] by researchers Nick Peterson and Nemanja Mulasmajic and security vendor Everdox, with help from Linux kernel developer Andy Lutomirski and the Xen hypervisor project's Andrew Cooper.
It involves the assembly code POP SS and MOV SS instructions being executed, followed immediately by a software generated interrupt or SYSCALL, which triggers a hardware debug exception running at the highest level kernel privilege with full access to all parts of the computer.
Quoted from the URL above
More patch woes other than Spectre on the way
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
-
catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
More patch woes other than Spectre on the way
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: More patch woes other than Spectre on the way
Hi, catweazel.
Good news on this nasty bug:
Kernel patches 3.13.0-147 (Mint 17.x), 4.4.0-124 (Mint 17.x, Mint 18.x) and 4.13.0-41 (Mint 18.x) have already been pushed out through the Ubuntu repositories.
They correct the reported vulnerability. Cf.: USN-3641-1: Linux kernel vulnerabilities
The Ubuntu page does not mention kernel 4.15.0-20 (or higher). So, either this kernel did not exhibit the problem from the start, or its update is still pending.
Cheers,
Karl
Good news on this nasty bug:
Kernel patches 3.13.0-147 (Mint 17.x), 4.4.0-124 (Mint 17.x, Mint 18.x) and 4.13.0-41 (Mint 18.x) have already been pushed out through the Ubuntu repositories.
They correct the reported vulnerability. Cf.: USN-3641-1: Linux kernel vulnerabilities
The Ubuntu page does not mention kernel 4.15.0-20 (or higher). So, either this kernel did not exhibit the problem from the start, or its update is still pending.
Cheers,
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 771 days now.
Lifeline