Retbleed Fixed in Linux Kernel, Patch Delayed

Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.

Linux kernel developers have successfully addressed Retbleed, the latest Spectre-like speculative execution attack against older AMD and Intel processors, Linus Torvalds wrote in a message to the Linux Kernel Mailing List on Sunday. However, the difficult repair process means there will be a delay of the release for Linux version 5.19 by a week.
I think weve got the retbleed fallout all handled (knock wood), Torvalds
wrote
.
The complexity of the fix wasnt the only reason for the release; there were two other development trees that independently asked for an extension. The other trees that needed the extension involve the btrfs filesystems and firmware for Intel GPU controllers.
When weve had one of those embargoed [hardware] issues pending, the patches didnt get the open development, and then as a result missed all the usual sanity checking by all the automation build and test infrastructure we have, Torvalds explained. So, 5.19 will be one of those releases that have an additional rc8 next weekend before the final release.
Last week,
researchers at ETH Zurich announced the discovery of Retbleed
, an addition to the family of speculative execution attacks that began with Meltdown and Spectre. The researchers named the family of these vulnerabilities Spectre-BTI after the attack method: via a branch target injection.
Unlike its siblings, Retbleed does not proceed via indirect jumps or calls, but instead uses return instructions. This is significant because it undermines some of the current Spectre-BTI protections, the researchers wrote.
In response, Intel and AMD issued advisories describing mitigations for CVE-2022-29901 (Intel CPUs) and CVE-2022-2990 (AMD CPUs).
The discovery follows
Hertzbleed
, discovered in June, which exploited a side-channel flaw in Intel and AMD processors, allowing remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU.
The attacks leverage weaknesses in the
speculative execution process
, a performance optimization technique in modern CPUs.
Other major speculative execution vulnerability exploits uncovered in recent years include
Meltdown, Spectre,
and
SWAPGS
.
A team of Google researchers
published a deep analysis
of the issue back in 2019, positing that chip makers focus on performance has left microprocessors open to numerous side-channel attacks that cannot be fixed by software updates.
Some experts believe exploits like Spectre and Meltdown will force customers to make tradeoffs between performance and security of applications. They predict these types of threats will
become much more dangerous
in cloud and virtual environments.
A 2019 survey from Login VSI found patches negatively impacted performance for a fifth of those who applied them, with at times
substantial performance reductions
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Retbleed Fixed in Linux Kernel, Patch Delayed