The "special register buffer data sampling" hardware vulnerability

We have not had a new CPU vulnerability for a little while — a situation
that was clearly too good to last. The mainline kernel has just merged
mitigations for the “special register buffer data sampling” vulnerability
which, in short, allows an attacker to spy on the random numbers obtained
by others. In particular, the results of the RDRAND instruction
can be obtained via a speculative attack.

The mitigation involves more flushing and the serialization of
RDRAND. That means a RDRAND instruction will take longer
to run, but it also means that RDRAND requires locking across the
system, which will slow things considerably if it is executed frequently.
There are ways to turn the mitigations off, of course. See this new kernel document for more
information.

These fixes are currently queued to be part of the
5.7.2,
5.6.18,
5.4.46,
4.19.128,
4.14.184
4.9.227,
4.4.227, and
3.16.85
stable updates.

Source: LWN.net – The “special register buffer data sampling” hardware vulnerability

Prime-WoW

My site, my way, no big company can change this

The "special register buffer data sampling" hardware vulnerability