Linux Now Mitigating Hygon CPUs For Inception/SRSO Vulnerability

Written by Michael Larabel in Linux Security on 1 October 2023 at 06:37 AM EDT. Add A Comment
LINUX SECURITY
Disclosed back in August was the Inception vulnerability affecting all Zen processors. It took until today though for the mainline Linux kernel to mitigate Hygon processors for this vulnerability for those Zen 1 CPUs formed from the AMD-Chinese joint venture.

With the Hygon processors being based on Zen 1, it was assumed Hygon was affected too by this CPU security vulnerability from August. But due to only a few days ago was the patch sent out for mitigating the Speculative Return Stack Overflow (SRSO / Inception) on these processors. Mitigating is just a one-liner that requires just adding "SRSO" to the 0x18 Hygon family for then following the mitigated kernel path written by AMD engineers, so it's a bit surprising it took so long to act.

Hygon SRSO patch


The AMD bulletin describes SRSO / Inception as a speculative side channel attack that could lead to information disclosure:
"This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools."

In any event this pull request of x86 fixes sent in for Linux 6.6-rc4 will mitigate Hygon processors for the SRSO/Inception vulnerability from mid-August.
Add A Comment
Related News
New Linux Patch Lets You Force CPU Bugs/Mitigations Even When Not Vulnerable
Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck
OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Vulkan Video Now Enabled By Default For Radeon VCN2/VCN3 Hardware On Linux
Rustls Multi-Threaded Performance Is Battering OpenSSL
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features