There’s another great reason to update to 64-bit Linux now

Anyone still considering whether to update to 64-bit Linux kernels now has another big motivation after it was revealed 32-bit editions won’t be getting a major security fix.

Intel’s Pawan Gupta recently took to the mailing list to answer customer questions, one of which concerned the fix to Retbleed for 32-bit OS’.

“Intel is not aware of production environments that use 32-bit mode on Skylake-gen CPUs. So this should not be a concern.” Intel’s Peter Zijlstra chimed in to add: “Yeah, so far nobody cared to fix 32-bit. If someone *realllllly* cares and wants to put the effort in I suppose I’ll review the patches, but seriously, you shouldn’t be running 32-bit kernels on Skylake / Zen based systems, that’s just silly.”

Stealing secrets

Retbleed is the latest speculative execution attack, and a variant of the dreaded Spectre vulnerability that was discovered back in 2018. It is tracked as CVE-2022-29900 and CVE-2022-29901, and has already been fixed for the 64-bit versions. 

Earlier this month, two researchers from ETH Zurich discovered it allows abusers access to kernel memory, and given the nature of the flaw, fixing it also means slowing the chips down. “When computers execute special calculation steps to compute faster, they leave traces that hackers could abuse,” the researchers said.

These traces can be exploited, the researchers further found, giving threat actors unauthorized access to any information in the target endpoint, which includes encryption keys, passwords, and other secrets. 

The flaw is particularly risky in cloud environments, the researchers further said, where multiple companies share the same systems. In other words, one vulnerability could expose the secrets of multiple companies.

The National Center for Cyber Security in Bern, Switzerland considers the vulnerability serious because the affected processors are in use worldwide, the researchers sad. 

  • Looking for penguin-powered computing? We have the best Linux laptops lined up right here

Via: Tom’s Hardware

Go to Source