Linux · eBPF · CVE-2024-2201
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
CVE-2024-2201 covers Native Branch History Injection (Native BHI), a new variant of the Spectre v2 attack that works across privilege boundaries on Intel CPUs. It bypasses all deployed mitigations, including the recent FineIBT, and leaks arbitrary Linux kernel memory at roughly 3.5 kB/s. Unlike the original BHI attack, which relied on unprivileged eBPF to plant speculative gadgets, Native BHI drives gadgets that already exist in the kernel, so an unprivileged local attacker who can run code on the host can leak privileged memory without eBPF and despite the existing Spectre mitigations.
**Recommendations**
As a temporary workaround, consider disabling unprivileged eBPF (sysctl `kernel.unprivileged_bpf_disabled=1`). This is defence in depth only: Native BHI does not depend on eBPF, so disabling it removes one easy source of attacker-controlled gadgets but does not close the vulnerability.
`InSpectre Gadget` is the researchers' analysis tool for finding exploitable gadgets in the kernel, not vulnerable software; restricting access to it mitigates nothing, because the gadgets themselves live in the kernel binary. Defenders can instead use it the same way, to audit their own kernel builds for exploitable gadgets.
Apply the recommendations provided by Intel: disable unprivileged `eBPF`, enable enhanced Indirect Branch Restricted Speculation (eIBRS), and enable Supervisor Mode Execution Prevention (SMEP). These are baseline settings; on their own they do not stop Native BHI, which is why the BHB clearing below is needed.
In kernel code, add `LFENCE` instructions at specific points as serialization barriers, and run a software sequence that clears the branch history buffer (BHB) on transitions between security domains (on syscall entry and on VM exit), so that branch history trained in user space cannot steer indirect-branch prediction in the kernel.
At the time of writing no fixed kernel release had been identified. The upstream kernel has since shipped a BHB-clearing software sequence on syscall entry and VM exit, controlled by the `spectre_bhi=` boot parameter, and reports its state in a `BHI:` field of `/sys/devices/system/cpu/vulnerabilities/spectre_v2`; on a patched kernel, check that field rather than relying on the eBPF setting.
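The recommendations above boil down to two checks an administrator can script: does the running kernel report a BHI mitigation, and is unprivileged eBPF disabled. The script below is an added example, not code from the advisory or from the Native BHI researchers. It assumes the upstream kernel's sysfs path and its `BHI:` field format, and the sample line it falls back to when run off a Linux host is constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not part of the advisory): audit a Linux host's posture
# against Native BHI (CVE-2024-2201) from the kernel's own reporting.
# Assumptions: the sysfs path and the "BHI:" field are the upstream
# kernel's; the fallback sample line below is constructed.

SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Classify the spectre_v2 line on its "BHI:" field.
#   mitigated    - kernel reports a BHI mitigation (hardware or software)
#   vulnerable   - kernel reports BHI as unmitigated
#   not_affected - CPU reported as not affected
#   unknown      - no BHI field: kernel predates BHI reporting, treat as exposed
bhi_status() {
    case "$1" in
        *"BHI: Not affected"*) echo not_affected ;;
        *"BHI: Vulnerable"*)   echo vulnerable ;;
        *"BHI:"*)              echo mitigated ;;
        *)                     echo unknown ;;
    esac
}

# Unprivileged eBPF is defence in depth only: Native BHI needs no eBPF,
# but unprivileged eBPF hands an attacker an easy way to plant gadgets.
#   kernel.unprivileged_bpf_disabled: 1 or 2 -> disabled, 0 -> enabled
unpriv_bpf_status() {
    case "$1" in
        1|2) echo disabled ;;
        0)   echo enabled ;;
        *)   echo unknown ;;
    esac
}

# Overall verdict: the host is exposed unless the kernel reports a BHI
# mitigation or the CPU is not affected. The eBPF state is reported for
# context but never turns "exposed" into "ok" on its own.
verdict() {
    v_bhi=$(bhi_status "$1")
    v_bpf=$(unpriv_bpf_status "$2")
    case "$v_bhi" in
        mitigated|not_affected) echo "ok ($v_bhi, unprivileged eBPF $v_bpf)" ;;
        *)                      echo "exposed ($v_bhi, unprivileged eBPF $v_bpf)" ;;
    esac
}

main() {
    if [ -r "$SPECTRE_V2_FILE" ]; then
        sv2=$(cat "$SPECTRE_V2_FILE")
        bpf=$(sysctl -n kernel.unprivileged_bpf_disabled 2>/dev/null || echo "")
    else
        # Constructed sample in the kernel's reporting format, for offline use.
        sv2="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW loop"
        bpf=2
    fi
    echo "spectre_v2: $sv2"
    echo "verdict: $(verdict "$sv2" "$bpf")"
}

main "$@"
```

Run it as root on each Intel host after patching; a line without any `BHI:` field means the kernel is too old to know about the bug, which the script deliberately reports as exposed rather than unknown-but-fine.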