A new Spectre v2 vulnerability has been discovered, impacting modern CPU architectures that support speculative execution. This vulnerability allows an unauthenticated attacker to leak privileged memory from the CPU by speculatively jumping to a chosen gadget. Current research shows that existing mitigation techniques, such as disabling privileged eBPF and enabling (Fine)IBT, are insufficient to stop Branch History Injection (BHI) exploitation against the kernel/hypervisor.

The vulnerability takes advantage of speculative execution paths, which malicious software can influence to infer privileged data. The researchers demonstrated that their gadget analysis tool, InSpectre Gadget, uncovers new, exploitable gadgets in the Linux kernel that bypass the Intel mitigations already deployed. An attacker with access to CPU resources may be able to read arbitrary privileged data or system registry values by speculatively jumping to a chosen gadget.

To address this vulnerability and its variants, users should update their software according to the recommendations from their respective vendors, applying the latest available mitigations.

The vulnerability was discovered and reported by Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida from the VUSec group at VU Amsterdam. This document was written by Dr. Elke Drennan, CISSP.
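The practical follow-up to "apply the latest available mitigations" is verifying what the running kernel actually reports. The following script is an added example (not part of this note and not from VUSec or any vendor): it reads the Linux kernel's own Spectre v2 status from sysfs, which on kernels that know about BHI includes a `BHI:` field, and classifies the line so a fleet check can flag hosts still reporting `BHI: Vulnerable`. The sysfs path and the `BHI:` field are real kernel interfaces; the sample status lines embedded in the script are constructed for offline testing and were not captured from a real host.

```shell
#!/bin/sh
# Added example: classify the kernel's Spectre v2 / BHI mitigation status.
# Real interface: /sys/devices/system/cpu/vulnerabilities/spectre_v2
# (newer kernels append "BHI: ..." to this line on affected CPUs).

SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS_LINE
# Prints one token: NOT_AFFECTED, VULNERABLE, BHI_VULNERABLE,
# BHI_MITIGATED, MITIGATED_NO_BHI_INFO or UNKNOWN.
# Patterns are checked in order: a line starting with "Vulnerable" is the
# generic Spectre v2 verdict; otherwise the BHI field decides.
classify_spectre_v2() {
    status="$1"
    case "$status" in
        "Not affected"*)        echo NOT_AFFECTED ;;
        Vulnerable*)            echo VULNERABLE ;;
        *"BHI: Vulnerable"*)    echo BHI_VULNERABLE ;;      # includes "Vulnerable (Syscall hardening enabled)"
        *"BHI: "*)              echo BHI_MITIGATED ;;       # e.g. "BHI: SW loop, KVM: SW loop", "BHI: BHI_DIS_S"
        Mitigation*)            echo MITIGATED_NO_BHI_INFO ;;  # kernel predates BHI reporting
        *)                      echo UNKNOWN ;;
    esac
}

# report_samples: run the classifier over constructed sample lines in the
# kernel's reporting format, printing "verdict <- line" for each.
report_samples() {
    # Constructed samples (not captured from a real host)
    samples='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW loop
Mitigation: Retpolines; IBPB: conditional; BHI: Vulnerable
Mitigation: Enhanced IBRS
Vulnerable: Retpoline without IBPB
Not affected'
    printf '%s\n' "$samples" | while IFS= read -r line; do
        printf '%-22s <- %s\n' "$(classify_spectre_v2 "$line")" "$line"
    done
}

# check_live_spectre_v2: classify this host, if the sysfs file is available.
check_live_spectre_v2() {
    if [ -r "$SPECTRE_V2_FILE" ]; then
        line=$(cat "$SPECTRE_V2_FILE")
        printf 'host: %s <- %s\n' "$(classify_spectre_v2 "$line")" "$line"
    else
        echo "host: sysfs file not present (not Linux, or the kernel does not report it)"
    fi
}

report_samples
check_live_spectre_v2
```

`MITIGATED_NO_BHI_INFO` is worth treating as a finding rather than a pass: a kernel that prints no `BHI:` field at all is usually one that predates the BHI-aware mitigation code, so the absence of the field is itself evidence that the update the vendors recommend has not been applied.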