Today we published 2 security advisories addressing 3 CVEs. In support of INTEL-SA-00598, we also published a technical paper entitled “Branch History Injection and Intra-mode Branch Target Injection: Overview and Mitigation Recommendations“. It is important to note that the primary mitigation recommendation described was already the default for most Linux distributions. Intel worked with the Linux community to add the ability to disable unprivileged eBPF to the upstream Linux kernel starting with version 5.16. It has also been backported to earlier versions.
To help get a better understanding of the issues addressed in INTEL-SA-00598, in the Chips & Salsa video below, CRob and I talk to Intel subject matter experts Jason Brandt, who is an Intel CPU Architect, and Alyssa Milburn, who is an offensive security researcher on the Intel STORM team:
For the complete list of today’s advisories, please visit our security center.
Regards,
Jerry Bryant Sr. Director Intel Product Assurance and Security
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.