
Rafael Correa De Ysasi

#32617 of 53,639
7.8 CVSS total
Vulnerabilities · 1
PT-2023-1383
7.8
2017-03-17
Linux · Linux Kernel · CVE-2023-0045
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 4.9.176

**Description**

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The `ib_prctl_set` function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR in the function `__speculation_ctrl_update`, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected into the BTB prior to the prctl syscall.

**Recommendations**

Upgrade past commit a664ec9158eeddd75121d39c9a0758016097fa96 to mitigate the issue. As a temporary workaround, consider disabling the `ib_prctl_set` function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `ib_prctl_set` function in the affected API endpoint until the issue is resolved.