Native Spectre v2 exploit puts Intel systems running Linux at risk
It's been some time since we discussed the initial Spectre security flaw that impacted numerous CPUs, and which was subsequently followed by the Spectre v2 vulnerability. Now there are new concerns following the discovery of the first native Spectre v2 exploit against the Linux kernel.
Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) have demonstrated that Intel CPUs running Linux are vulnerable to Native Branch History Injection (BHI). VUSec says its InSpectre Gadget tool can be used to "not only uncover new (unconventionally) exploitable gadgets in the Linux kernel, but that those gadgets are sufficient to bypass all deployed Intel mitigations".
