A new version of the Linux kernel (4.15) has been released; nonetheless, more work remains to be done on the security problems related to the Meltdown and Spectre vulnerabilities, said Linus Torvalds.
On the Linux Kernel Mailing List (LKML), Torvalds explained, “The bulk of the 4.15 work is all the regular plodding ‘boring’ stuff. And I mean that in the best possible way. It may not be glamorous and get the headlines, but it’s the bread and butter of kernel development, and is in many ways the really important stuff.”
“While Spectre/Meltdown has obviously been the big news this release cycle, it’s worth noting that we obviously had all the *normal* updates going on too, and the work everywhere else didn’t just magically stop, even if some developers have been distracted by CPU issues. In the *big* picture, 4.15 looks perfectly normal, with two thirds of the full 4.15 patch being about drivers … not by CPU bug mitigation.”
However, the problems related to Meltdown and Spectre still remain to be fully mitigated. Linux is waiting on Intel’s hardware designers to complete their firmware and microcode patches.
In the meantime, Torvalds and the Linux kernel developers realize the job isn’t complete, and they’re still hard at work tackling the security holes.
Torvalds said, “It is worth pointing out that it’s not like we’re ‘done’ with Spectre/Meltdown. There is more work pending (arm, spectre-v1, misc details), and perhaps equally importantly, to actually get the biggest fix for the indirect branch mitigations, you need not just the kernel updates, you need to have a compiler with support for the ‘retpoline’ indirect branch model.”
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.