Linux Now Mitigating Hygon CPUs For Inception/SRSO Vulnerability
With the Hygon processors being based on Zen 1, it was assumed Hygon was affected too by this CPU security vulnerability from August. But due to only a few days ago was the patch sent out for mitigating the Speculative Return Stack Overflow (SRSO / Inception) on these processors. Mitigating is just a one-liner that requires just adding "SRSO" to the 0x18 Hygon family for then following the mitigated kernel path written by AMD engineers, so it's a bit surprising it took so long to act.
The AMD bulletin describes SRSO / Inception as a speculative side channel attack that could lead to information disclosure:
"This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools."
In any event this pull request of x86 fixes sent in for Linux 6.6-rc4 will mitigate Hygon processors for the SRSO/Inception vulnerability from mid-August.