
    Torvalds Releases Linux 4.15 With Improved Meltdown, Spectre Patches

    By Sean Michael Kerner - January 29, 2018

      Linus Torvalds released the first new Linux kernel of 2018 on Jan. 28, after the longest development cycle for a new Linux kernel in seven years.

      During a Linux kernel release cycle, Torvalds typically issues a release candidate once a week, with most cycles including six to eight release candidates. There were nine release candidates for the Linux 4.15 kernel, which makes it the longest cycle since Linux 3.1 was released in 2011. The Linux 3.1 kernel was delayed in part due to the 2011 hack of the kernel.org development server.

      As it turns out, the Linux 4.15 kernel release delay was also due to security-related issues.

      Among the highlights of the new Linux 4.15 kernel is the core reason for the kernel’s delay, namely the Meltdown and Spectre CPU flaws, which first became public on Jan. 3. Linux developers had been quietly working since at least November 2017 on dealing with the Meltdown issue in particular through an effort known as Page Table Isolation (PTI).

      “This obviously was not a pleasant release cycle, with the whole meltdown/spectre thing coming in in the middle of the cycle and not really gelling with our normal release cycle,” Torvalds wrote in his release announcement. “The extra two weeks were obviously mainly due to that whole timing issue.”

      The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs while Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors. The issues also impact Microsoft Windows, which has had multiple stability issues related to the patch. On Jan. 28, Microsoft issued an emergency out-of-band Windows update that disables the patch for the CVE-2017-5715 (Spectre) issue due to stability issues that were triggering data loss and system reboots.

      The Spectre issue is being mitigated in Linux 4.15 with the retpoline code that was originally developed by Google. Retpoline helps to avoid kernel-to-user data leaks by restricting speculative indirect branches in CPU processes.

      Torvalds also noted that there is still more work to be done to further protect users against the Meltdown and Spectre vulnerabilities. That said, he emphasized that Linux 4.15 is about more than just patches for CPU vulnerabilities.

      “While Spectre/Meltdown has obviously been the big news this release cycle, it’s worth noting that we obviously had all the *normal* updates going on too,” Torvalds wrote. “The work everywhere else didn’t just magically stop, even if some developers have been distracted by CPU issues.”

      Among the new features that have landed in Linux 4.15 are a set of capabilities to support expanded security capabilities in Intel and AMD CPUs. On AMD, Linux now supports the AMD Secure Encrypted Virtualization (SEV) capability.

      “SEV enables running encrypted virtual machines (VMs) in which the code and data of the guest VM are secured so that a decrypted version is available only within the VM itself,” the code commit for the feature states. 

      On Intel CPUs, Linux now supports a feature called User Mode Instruction Prevention (UMIP) that is intended to help limit the risk of privilege escalation. Ricardo Neri, Linux software engineer at Intel, explained in his Linux kernel commit message that UMIP is a security feature present in new Intel processors.

      “If enabled, it prevents the execution of certain instructions if the Current Privilege Level (CPL) is greater than 0,” Neri wrote. “If these instructions were executed while in CPL > 0, user space applications could have access to system-wide settings such as the global and local descriptor tables, the segment selectors to the current task state and the local descriptor table. Hiding these system resources reduces the tools available to craft privilege escalation attacks.”
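A host-side check for the mitigations and CPU features described above, as an added example that is not from the article or the kernel project: it parses the status files that Linux 4.15 exposes under /sys/devices/system/cpu/vulnerabilities and looks for the `umip` and `sev` flags in /proc/cpuinfo. The sample contents are constructed, and the state names in the report (`mitigated`, `unreported` and so on) are this example's own.

```python
import re
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
EXPECTED = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample data (not captured from a real host).
SAMPLE_VULN = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme de pse umip\n"

def classify(status):
    """Map one sysfs status line to a (state, detail) pair."""
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    m = re.fullmatch(r"(Mitigation|Vulnerable)(?::\s*(.*))?", text)
    if m is None:
        return ("unknown", text)
    state = "mitigated" if m.group(1) == "Mitigation" else "vulnerable"
    return (state, m.group(2) or "")

def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def audit(vuln_files, cpuinfo_text):
    """Summarise mitigation state; a missing sysfs file is 'unreported', not safe."""
    report = {}
    for name in EXPECTED:
        report[name] = classify(vuln_files[name]) if name in vuln_files else ("unreported", "")
    flags = cpu_flags(cpuinfo_text)
    for feature in ("umip", "sev"):
        report[feature] = ("present" if feature in flags else "absent", "")
    return report

def read_live():
    """Read the real files on a Linux host; empty dict if the directory is missing."""
    if not VULN_DIR.is_dir():
        return {}
    return {p.name: p.read_text() for p in VULN_DIR.iterdir() if p.is_file()}

if __name__ == "__main__":
    live = read_live()
    cpuinfo = Path("/proc/cpuinfo").read_text() if live else SAMPLE_CPUINFO
    for name, (state, detail) in audit(live or SAMPLE_VULN, cpuinfo).items():
        print(f"{name:12} {state:13} {detail}")
```

In the constructed sample, the `spectre_v2` line shows a kernel that carries the retpoline code but still reports itself as vulnerable, which is why the check reads the status word and not just the presence of "retpoline" in the text.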

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
