Linux 6.8.5 & Other Stable Kernel Updates Due To Native BHI Vulnerability

Written by Michael Larabel in Linux Kernel on 10 April 2024 at 11:25 AM EDT.
Following yesterday's disclosure of the Native BHI vulnerability, a variant of Branch History Injection (BHI) that affects all Intel processors and does not require BPF to exploit, a slew of new Linux kernel stable releases are out today to back-port the security mitigation.

Native BHI is the newest CPU speculative execution vulnerability and a step more serious than the original Branch History Injection vulnerability disclosed in 2022, since it doesn't need unprivileged BPF access. The Spectre BHI mitigation for Intel processors was introduced to Linux 6.9 Git on Tuesday; it uses a software BHB clearing sequence and/or updated Intel CPU microcode to handle the mitigation. Native BHI means that the branch history needs to be cleared on each system call entry and VM exit.

The updated Linux kernel code allows controlling the Native BHI behavior with the new spectre_bhi= boot option. See yesterday's article for more information on this latest Spectre headache.

While the code landed yesterday in Linux Git for the current v6.9 kernel development cycle, out today are the Linux 6.8.5, 6.6.26, 6.1.85, and 5.15.154 stable kernels that back-port the mitigation. So go forth and update to Linux 6.8.5, or to the corresponding update for one of the prior LTS series, if you want to be protected against Native BHI on your Intel system(s). As always, the fresh kernel code can be downloaded from kernel.org.
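To check a host against the stable releases listed above, here is an added example (not code from the article or the kernel project) that compares a kernel.org-style release string with those versions and prints the BHI field the kernel reports in its spectre_v2 sysfs entry. The function names are hypothetical, and distribution kernels that back-port under their own version numbers should be judged by the sysfs line rather than the version comparison.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the article or kernel.
# Classifies a kernel.org-style release against the stable versions named in
# the article. Prints: patched | needs-update | unknown
bhi_backport_status() {
    ver=${1%%[!0-9.]*}            # "6.8.4-arch1-1" -> "6.8.4"
    old_ifs=$IFS; IFS=.
    set -- $ver                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-0}
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown; return 0
    fi
    # The mitigation landed in 6.9 development, so 6.9 and later include it.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 9 ]; }; then
        echo patched; return 0
    fi
    case "$major.$minor" in
        6.8)  min=5 ;;
        6.6)  min=26 ;;
        6.1)  min=85 ;;
        5.15) min=154 ;;
        *)    echo unknown; return 0 ;;   # series not covered by the article
    esac
    if [ "$patch" -ge "$min" ]; then echo patched; else echo needs-update; fi
}

# Reports the running kernel plus the BHI field that kernels carrying the
# mitigation append to the spectre_v2 sysfs line. Distribution kernels may
# back-port under other version numbers, so trust the sysfs line for those.
bhi_report() {
    rel=$(uname -r)
    echo "kernel $rel: $(bhi_backport_status "$rel")"
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$f" ] && grep -q 'BHI:' "$f"; then
        grep -o 'BHI:[^;]*' "$f"
    else
        echo "no BHI field reported in $f"
    fi
}

bhi_report
```

A result of `unknown` means the release belongs to a series the article does not list, so the version comparison cannot decide and the sysfs line is the only signal.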

I'll be working on some benchmarks shortly to see if there are any real-world performance implications from this latest CPU security mitigation.