Linux kernel team has conquered Retbleed, Torvalds says

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

Retbleed, a recently discovered Spectre-like microprocessor flaw that affected both AMD and Intel devices, has been fixed on Linux, OS boss Linus Torvalds has confirmed.

As reported by The Register, Torvalds published a blog post detailing the work, saying that the fix wasn’t that easy to build, and that the team will have to push the release of the next patch by at least a week.

"When we've had one of those embargoed [hardware] issues pending, the patches didn't get the open development, and then as a result missed all the usual sanity checking by all the automation build and test infrastructure we have," Torvalds wrote. 

Leaking passwords

"So no surprise – there's been various small fixup patches afterwards too for some corner cases."

Last week, two researchers from ETH Zurich discovered the flaw, saying it allowed potential threat actors access to kernel memory of an endpoint, which essentially means access to sensitive data such as passwords, and similar. The flaw is particularly risky in cloud environments, the researchers further said, where multiple companies share the same systems. In other words, one vulnerability could expose the secrets of multiple companies.

Similarly to Spectre and Meltdown, flaws that shook the very foundation of the computing world four years ago, the patch for Retbleed will inevitably slo the processors down.

But Retbleed is just one of the reasons for the delay in the distribution of the patch, Torvalds further explained. 

"Last week there were two other development trees that independently also asked for an extension, so 5.19 will be one of those releases that have an additional rc8 next weekend before the final release," Torvalds said.

"When it rains it pours," he added. "Not that things really look all that bad. I think we've got the Retbleed fallout all handled (knock wood)."

The two things developers were working on include the btrfs filesystem, and the firmware for controllers for Intel GPUs. These issues did not create any particular complications, Torvalds concluded, adding “it's not like we have any huge issues, but an extra week is most definitely called for."

Via: The Register

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.