Linux 5.17 delayed after vulnerability discovered in AMD processors
Date:
Mon, 14 Mar 2022 16:06:19 +0000
Description:
Patches for patches and fixes for fixes are pushing back the Linux 5.17 release date.
FULL STORY ======================================================================
The resurgence of Spectre-like malware has pushed back the release date for the next iteration of Linux by at least a week, its creator has confirmed.
In the 5.17-rc8 announcement, kernel development head Linus Torvalds explained that the discovery of CVE-2021-26341, a vulnerability in some AMD processors that resembles the dreaded Spectre/Meltdown fiasco, meant the team needed to apply certain patches, which complicated things for the 5.17 version of the OS.
"Last weekend, I thought I'd be releasing the final 5.17 today. That was then, this is now," he writes.
Flurry of fixes
"Last week was somewhat messy, mostly because of embargoed patches we had pending with another variation of Spectre attacks. And while the patches were mostly fine, we had the usual 'because it was hidden, all our normal testing automation did not see it either.'
"Once automation sees things, all the possible and impossible combinations get tested, resulting in a (small) flurry of fixes for the fixes."
Despite the unforeseen circumstances, Torvalds considered releasing 5.17 anyway, but in the end decided against it.
"As a result we have an -rc8 release today instead of doing a final 5.17," he concluded.
Detailing the flaw, AMD said the chips "may transiently execute instructions following an unconditional direct branch that may result in detectable cache activity."
The CVE was rated 4.7/10 on the severity scale, and so far there have been no reports of it being exploited in the wild. Still, since the problem is found in 14 client CPUs and both first-gen and second-gen EPYC silicon for servers, it cannot be neglected.
Torvalds also urged the developers not to rely exclusively on automation farms, and to dig into the work themselves.
"Anyway, let's not keep the testing _just_ to automation," he suggested in his weekly kernel progress update. "The more the merrier, and real-life loads are always more interesting than what the automation farms do. So please do give this last rc a quick try," he added.
Via: The Register
======================================================================
Link to news story:
https://www.techradar.com/news/linux-517-delayed-after-vulnerability-discovered-in-amd-processors/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)