Ukuba sengozini (CVE-2023-1998) kukhonjwe ku-Linux 6.2 kernel. Lokhu kuba sengcupheni kukhubaza ukuvikela ekuhlaselweni kwe-Specter v2, okuvumela ukufinyelela kunkumbulo yezinye izinqubo ezisebenza ngemicu ehlukene ye-SMT noma ye-Hyper-Threading kodwa kungqikithi efanayo yephrosesa. Phakathi kwezinye izinto, ubungozi bungasetshenziswa ukuvuza idatha phakathi kwemishini ebonakalayo kumasistimu wamafu. Udaba luthinta kuphela i-Linux 6.2 kernel futhi lubangelwa ukuqaliswa okungalungile kokuthuthukiswa okuklanyelwe ukunciphisa okungaphezulu okubalulekile lapho kusetshenziswa ukuvikela kwe-Specter v2. Ukuba sengozini kulungisiwe egatsheni lokuhlola le-Linux 6.3 kernel.
Ukuze kuvikelwe ekuhlaselweni kwe-Spectre, izinqubo zesikhala somsebenzisi zingakhubaza ngokukhetha ukwenziwa kwemiyalelo yokuqagela kusetshenziswa i-prctl PR_SET_SPECULATION_CTRL noma kusetshenziswe ukuhlunga ucingo lwesistimu olusekelwe ku-seccomp. Ngokusho kwabacwaningi, ukulungiswa okungalungile ku-kernel engu-6.2 okwembule inkinga kushiye ingenaso isivikelo esanele. imishini ebonakalayo okungenani umhlinzeki omkhulu wamafu oyedwa, naphezu kokuvumela imodi yokuvimba ukuhlaselwa kwe-spectre-BTI nge-prctl. Ubuthakathaka buphinde buvele ku-regular amaseva nge-kernel 6.2, esebenzisa isilungiselelo esithi "spectre_v2=ibrs" lapho ilayisha.
Ubungozi busukela ekulungiselelweni okwethulwa lapho kukhethwa i-IBRS noma amamodi okuvikela e-eIBRS, akhubaza indlela yeSingle Thread Indirect Branch Predictors (STIBP), okudingekayo ukuze uvimbele ukuvuza lapho kusetshenziswa i-multithreading kanyekanye (SMT noma i-Hyper-Threading). Nokho, imodi ye-eIBRS kuphela enikeza isivikelo ekuvuzeni okuphakathi kwentambo, hhayi imodi ye-IBRS, njengoba ibhithi ye-IBRS, enikeza isivikelo ekuvuzeni phakathi kwamakhora anengqondo, iyasulwa ngenxa yezizathu zokusebenza lapho ibuyisela ukulawula endaweni yomsebenzisi, okushiya izintambo zesikhala somsebenzisi zibe sengozini yokuhlaselwa kweSpecter v2.
Source: opennet.ru
