IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets, leading to a potential information disclosure. This issue (CVE-2022-23824 or AMD-SN-1040) is related to CVE-2017-5715, previously known as Spectre Variant 2.

As part of our efforts to continue improving security features, AMD has investigated issues related to CVE-2017-5715 in recent months. Previously notified of one of the potential issues related to CVE-2017-5715 (in AMD-SN-1036). In some situations, IBPB may fail to prevent return branch predictions from being specified by pre-IBPB branch targets, leading to potential information disclosure.

Reference:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
https://www.amd.com/system/files/documents/software-techniques-for-managing-speculation.pdf
https://access.redhat.com/security/vulnerabilities/speculativeexecution
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2141263]
Thank you Alex, but are we still missing the 8.9.y bz? Or is this supposed to be merged on Y?
I had a look at the related RHEL-8 side of things, and per my comment [1] I believe that the same buffer stacking on the RHEL-9 branch is also on all RHEL-8 branches, and enabled by the spectrev2 mitigation. I'm assuming that, based on that, the RHEL-8 trackers should be closed in the same way as the 9 trackers from comment #23?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2210536#c3
I mean "return stack buffer stuffing" sorry ...