Anyone still considering upgrading to 64-bit Linux kernels (opens in a new tab) now has another great incentive after it was revealed that 32-bit editions will not receive a major security patch.
Intel's Pawan Gupta recently took to the lore.kernel.org mailing list to answer customer questions, one of which concerned the Retbleed patch for 32-bit operating systems.
"Intel is not aware of production environments using 32-bit mode on Skylake generation processors, so this should not be an issue." Intel's Peter Zijlstra chimed in to add: "Yeah, so far no one has bothered to fix 32-bit. If anyone *really* cares and wants to push themselves, I guess I'll check out the patches, but seriously, you shouldn't be running 32-bit kernels." bits on Skylake/Zen based systems, that's just silly.
steal secrets
Retbleed is the latest speculative execution attack and a variant of the dreaded Specter vulnerability that was discovered in 2018. It is tracked as CVE-2022-29900 and CVE-2022-29901, and has already been patched for 64-bit versions. .
Earlier this month, two researchers at ETH Zurich discovered that this allowed abusers to access kernel memory, and given the nature of the flaw, fixing it also means slowing down the chips. "When computers perform special computational steps to calculate faster, they leave traces that hackers could abuse," the researchers said.
These traces can be exploited, researchers discovered, giving threat actors unauthorized access to all information on the target endpoint (opens in a new tab), including encryption keys, passwords, and more passwords and other secrets. .
The flaw is particularly risky in cloud environments, the researchers added, where multiple companies share the same systems. In other words, a vulnerability could reveal the secrets of multiple companies.
The National Cyber Security Center in Bern, Switzerland, considers the vulnerability serious because the affected processors are used all over the world, the researchers say.
- Looking for penguin-powered computing? We've got the best Linux laptops (opens in a new tab) lined up here
Via: Tom's Hardware (opens in a new tab)