Anthony Steinhauser

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.8-rc1 **Description** A logic bug flaw was found in the implementation of SSBD, allowing an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue is related to insufficient input validation and incorrect implementation of functions, which can lead to unauthorized access to protected information. The flaw can be exploited to disclose side channel information, potentially leading to local information disclosure without requiring additional execution privileges. User interaction is not needed for exploitation. The highest threat from this issue is to confidentiality. **Recommendations** For Linux kernel versions prior to 5.8-rc1, consider disabling the speculative execution mitigations as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.4.1 **Description** The issue is related to Information Exposure due to the lack of Spectre-RSB mitigation for all applicable CPUs. This concern is tied to the components arch/powerpc/kernel/entry 64.S and arch/powerpc/kernel/security.c in the Linux kernel. The vulnerability allows an attacker to potentially gain unauthorized access to information by exploiting data left in the processor cache due to speculative instruction execution. **Recommendations** For Linux kernel versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and resources until the update can be applied.