Ghostboard pixel Skip to content

Linux Kernel 5.17 Delayed by a Week to Tackle Spectre v2 Exploit

Linux Kernel 5.17 was scheduled to release the previous day (Sunday).

Unfortunately, (or for better), Spectre V2, another variant of the Spectre vulnerability affecting the processors, was discovered.

But, what is the Spectre v2 vulnerability affecting the chips? Is it essential for the Linux Kernel 5.17 to include a fix?

Let us find out more about it below.

What is Spectre v2 Exploit?

Spectre security vulnerability affects processors (or chips) where the attacker may be able to extract sensitive data like security keys.

Initially, the class of vulnerabilities was discovered in 2018 when processors by Intel, AMD, ARM, and a few others were affected.

So, it is safe to say that the vulnerability that affects almost every system (desktop, laptops, and mobiles) is a big deal.

It is back again with a new variant, i.e., Spectre v2.

The behavior of the exploit is similar and can end up accessing specific areas of memory while bypassing built-in chip security measures.

Linux Kernel 5.17 Delayed

While the fixes for Spectre attacks made their way to the Linux Kernel 5.17, the automation testing in place needs time.

With the announcement of Linux Kernel 5.17 release candidate 8, Linus Torvalds mentions that the patches were “mostly fine” with some more fixes added. However, it is best to go through all the automated tests to make sure everything’s fine with the release:

So last weekend, I thought I’d be releasing the final 5.17 today.

That was then, this is now. Last week was somewhat messy, mostly
because of embargoed patches we had pending with another variation of
spectre attacks. And while the patches were mostly fine, we had the
usual “because it was hidden, all our normal testing automation didn’t
see it either”.

And once the automation sees things, it tests all the insane
combinations that people don’t tend to actually use or test in any
normal case, and so there was a (small) flurry of fixes for the fixes.

None of this was really surprising, but I naïvely thought I’d be able
to do the final release this weekend anyway.

And honestly, I considered it. I don’t think we really have any
pending issues that would hold up a release, but on the other hand we
also really don’t have any reason _not_ to give it another week with
all the proper automated testing. So that’s what I’m doing, and as a
result we have an -rc8 release today instead of doing a final 5.17.

In addition to the Spectre fixes, they also got time for some patches on the regression list, which were also addressed.

Furthermore, testers will get an additional week to test things out, without relying just on the automated tests.

Linux Kernel 5.17: Feature Overview

If you are curious, Linux Kernel 5.17 release is all about hardware improvements.

Starting from improvements to the Steam Deck, and next-gen processors. Intel’s 12th gen processors and AMD’s Ryzen 5000 series should also have improvements across the board.

Not to forget Intel’s upcoming discrete graphics support.

Look out for the release article next weekend, highlighting all the new changes with more details.

More from It's FOSS...