Linux kernel logic allowed Spectre attack on major cloud provider


Attempts to conceal the Spectre flaw, which has plagued hardware and software vendors since 2018, have been unsuccessful. The Google product security response team member Eduardo (sirdarckcat) Vela Nava revealed a Spectre vulnerability in the Linux kernel’s version 6.2 on Thursday.

According to the vulnerability report, “the kernel failed to protect applications that attempted to protect against Spectre v2, leaving them vulnerable to attack from other processes running on the same physical core in another hyperthread.” This nefarious issue is a result of the assault and may lead to information leakage (such as leaked private keys).

Read More…