Cloud Provider Hit by Cyberattack Due to Linux Kernel Error

Google Product Safety Group specialist Nava recently reported a new vulnerability in the Linux 6.2 kernel that is related to the way Spectre works. This medium-severity flaw was first reported to cloud service providers on December 31, 2022. As of February 27, 2023, the vulnerability has been fixed.

Experts have explained that the kernel was not able to protect applications from Spectre V2, leaving them open to attacks from other processes running on another hyperthread of the same physical core. The potential consequence of this vulnerability is the disclosure of confidential information.

Spectre V2, a newer variant of the vulnerability, appeared later. It relies on timing side channels to measure the misprediction rate of indirect branch prediction and infer the contents of protected memory. This is far from optimal for a cloud environment with shared hardware.

Soon after the first attempts to fix Meltdown and Spectre, Intel published details of Indirect Branch Restricted Speculation (IBRS), a mechanism for restricting speculation on indirect branches, the instructions that tell the processor to start executing at a new location. IBRS offers protection against Spectre V2, which Intel calls Branch Target Injection (BTI).

Branch target injection is a method of training the branch predictor to speculatively execute certain instructions so that data can be inferred from the processor cache through a timing side channel. IBRS is available in two versions: basic (legacy) and enhanced. Unfortunately, the basic version turned out to be vulnerable in terms of security.

The bug hunters who uncovered the problem found that the Spectre V2 protections for Linux user-space processes did not work on virtual machines of “at least one large cloud provider,” the name of which was not specified.

As reported in the vulnerability description, with basic IBRS the 6.2 kernel had logic that turned off STIBP (Single Thread Indirect Branch Predictors), the protection against sharing of branch prediction between logical processors on a core.
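
For administrators who want to check a guest for the combination described above (basic IBRS with no active STIBP while sibling threads are online), the following is an added example and not code from the vulnerability report or the kernel. It assumes the standard Linux sysfs files `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and `/sys/devices/system/cpu/smt/active`; the function names, verdict labels and the sample status line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag "basic IBRS without STIBP" from the kernel's own status line.

# Constructed sample, modelled on the format of the spectre_v2 sysfs file.
SAMPLE_BASIC='Mitigation: IBRS, IBPB: conditional, STIBP: disabled, RSB filling'

# classify_spectre_v2 STATUS_LINE SMT_ACTIVE
#   STATUS_LINE: contents of .../vulnerabilities/spectre_v2
#   SMT_ACTIVE:  contents of .../smt/active (1 = sibling threads online)
classify_spectre_v2() {
    status=$1
    smt=$2

    # With no sibling thread online, no other logical CPU shares the predictor.
    if [ "$smt" != "1" ]; then
        echo "smt-off"
        return 0
    fi

    # Count STIBP as present only when the kernel reports an active mode;
    # "disabled" or no STIBP field at all both count as absent.
    case $status in
        *"STIBP: conditional"*|*"STIBP: forced"*|*"STIBP: always-on"*) stibp=on ;;
        *) stibp=off ;;
    esac

    case $status in
        "Mitigation: IBRS"|"Mitigation: IBRS,"*)
            # Basic (legacy) IBRS: the configuration the article describes.
            if [ "$stibp" = on ]; then echo "basic-ibrs-stibp-on"
            else echo "basic-ibrs-no-stibp"; fi ;;
        "Mitigation: Enhanced"*) echo "enhanced-ibrs" ;;
        *)
            if [ "$stibp" = on ]; then echo "other-stibp-on"
            else echo "other-no-stibp"; fi ;;
    esac
}

# check_host: classify the machine this script runs on.
check_host() {
    v=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    s=/sys/devices/system/cpu/smt/active
    if [ ! -r "$v" ]; then echo "unknown"; return 0; fi
    smt=0
    if [ -r "$s" ]; then smt=$(cat "$s"); fi
    classify_spectre_v2 "$(cat "$v")" "$smt"
}

echo "sample: $(classify_spectre_v2 "$SAMPLE_BASIC" 1)"
echo "host:   $(check_host)"
```

A verdict of `basic-ibrs-no-stibp` on a multi-tenant guest is the state to follow up on by confirming that the running kernel includes the fix.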

In conclusion, cloud providers must remain vigilant in addressing these vulnerabilities in order to ensure that their services remain secure.
