While mitigations are in place to protect Linux systems from Spectre attacks, newly discovered vulnerabilities could allow bypassing them. Nonetheless, Linux developers have addressed the bugs and deployed fixes.
Linux Vulnerabilities Evading Spectre Mitigations
Security research from Symantec’s Threat Hunter team, Piotr Krysiuk, caught two new vulnerabilities in Linux systems. Exploiting these vulnerabilities could allow an adversary to conduct Spectre attacks whilst evading the existing mitigations.
Sharing the details in a post, Symantec explained that these bugs could allow one user to spy on the other on shared computers.
Regarding the newly discovered Linux flaws, the first of these CVE-2020-27170 exposes contents from the entire computer memory. As described in the advisory,
Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract contents of kernel memory via side-channel.
Whereas, the second bug, CVE-2020-27171, was a numeric error allowing to steal 4GB of memory.
Unprivileged BPF programs running on affected 64-bit systems can exploit this to execute speculatively out-of-bounds loads from 4GB window within the kernel memory.
Upon finding the bugs, Symantec reached out to the Linux developers. Consequently, the patches became available as 5.11.8 stable release on March 20, 2021. Whereas, the other Kernel releases bearing the patches include 5.10.25, 5.4.107, 4.19.182, and 4.14.227.
Spectre and Meltdown caught attention in 2018 when researchers found the bugs affecting the CPUs’ microarchitecture. These bugs threatened almost all modern computers at that time and required OS-level patches. Hence, all developers, including the Linux team, rushed to deploy the fixes for existing computers. Whereas, the subsequent CPUs inherently prevent these attacks.
However, today very few computers in the mainstream include modern CPUs. Thus, the vulnerabilities continue to pose a threat to the users if bypassing the existing mitigations becomes possible.