[RESOLVED] Spectre V2 Vulnerability
fmc000
Status: New User - Welcome
Joined: 07 Dec 2023
Posts: 2
Reply Quote
Liquorix Kernel is vulnerable to:

[ 0.062079] Spectre V2 : WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!

because of:

#grep CONFIG_BPF_UNPRIV_DEFAULT_OFF /boot/config-6.6.4-1-liquorix-amd64
# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set

On Pop!_OS default kernel I have:

#grep CONFIG_BPF_UNPRIV_DEFAULT_OFF /boot/config-6.5.6-76060506-generic
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y

Is there any reason for this?

Thanks in advance.
Back to top
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 1116
Reply Quote
No reason, it appears this was set during a regular config refresh between major kernel versions.

Thanks for the report, the change is staged for the next release: github.com/damentz/liquorix-package/commit/7c2006fb37b3fe98b607d99c6597fd19b27858ac

I'll mark this as resolved.
Back to top
fmc000
Status: New User - Welcome
Joined: 07 Dec 2023
Posts: 2
Reply Quote
It is indeed:

[ 0.062183] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[ 0.062185] Spectre V2 : Mitigation: Enhanced / Automatic IBRS
[ 0.062185] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[ 0.062185] Spectre V2 : Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT
[ 0.062186] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier

Thanks for the quick action.
Back to top
Display posts from previous:   

All times are GMT - 8 Hours