Vulnerability identifier: #VU47074
Vulnerability risk: Low
Exploitation vector: Local
Exploit availability: No
Vendor: Linux Foundation
The vulnerability allows a local user to gain access to sensitive information.
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the
implementation of SSBD. A bug in the logic handling allows an attacker
with a local account to disable SSBD protection during a context switch
when additional speculative execution mitigations are in place. This
issue was introduced when the per task/process conditional STIPB
switching was added on top of the existing SSBD switching.
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 5.0 - 5.7.7
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?