New Spectre-like flaw has made an eighth release candidate necessary
Linux kernel development boss Linus Torvalds’ prediction that Linux 5.17 would be released this week “unless something surprising comes up” has come to pass. The surprise was CVE-2021-26341, a flaw in some AMD processors found to have new Spectre-and-Meltdown-like speculative execution issues. AMD has described the flaw as meaning its processors “may transiently execute instructions following an unconditional direct branch that may result in detectable cache activity.” While the flaw was rated just 4.7/10 on the CVSS scale and AMD could not find any active exploitation, the chipmaker warned the problem is present in 14 client CPUs and first-and-second gen EPYC silicon for servers. The issue was detected in October 2021 and detailed by Grsecurity, which after disclosure worked to deliver a fix by February 8th but later agreed to extended deadline of March 8th.