Linux 6.14.7 and other new point releases for stable and maintained Linux kernel series were released today. Among the fixes incorporated was a notable ARM64 security fix.
Disclosed this past week was the Training Solo vulnerability affecting Intel processors and some Arm CPU cores. Upstreamed to the mainline Linux kernel was this merge for the ARM64 cBPF BHB mitigation:
“This adds the BHB mitigation into the code JITted for cBPF programs as these can be loaded by unprivileged users via features like seccomp.
The existing mechanisms to disable the BHB mitigation will also prevent the mitigation being JITted. In addition, cBPF programs loaded by processes with the SYS_ADMIN capability are not mitigated as these could equally load an eBPF program that does the same thing.
For good measure, the list of ‘k’ values for CPU’s local mitigations is updated from the version on arm’s website”
The ARM64 mitigation patches are part of today’s Linux 6.14.7, 6.12.29 LTS, 6.6.91 LTS, and 6.1.139 LTS kernel releases.
The ARM64 mitigation will also be part of today’s Linux 6.15-rc7 release due out in the coming hours.
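To check whether an ARM64 host is at or past the releases listed above, the following script (an added example, not code from the kernel tree or the quoted merge) compares a kernel release string against those versions. It assumes kernel.org version numbering, so a distribution kernel carrying the fix as a backport under an older version number may report as unpatched; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article or the kernel tree).
# Assumption: kernel.org version numbering; a distro kernel may carry the
# fix as a backport under an older version number.

# First fixed patch level for each stable series named in the article.
fixed_patchlevel() {
    case $1 in
        6.14) echo 7 ;;
        6.12) echo 29 ;;
        6.6)  echo 91 ;;
        6.1)  echo 139 ;;
        *)    return 1 ;;
    esac
}

# bhb_fix_status RELEASE  ->  prints patched | unpatched | unknown
bhb_fix_status() {
    release=$1
    base=${release%%[-+]*}            # "6.15.0-rc7" -> "6.15.0"
    rc=
    case $release in
        *-rc[0-9]*) rc=${release##*-rc}; rc=${rc%%[!0-9]*} ;;
    esac
    case $base in
        ""|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    series=$1.$2
    patch=${3:-0}
    if [ "$series" = 6.15 ]; then
        # Mainline: the article places the fix in 6.15-rc7.
        if [ -z "$rc" ] || [ "$rc" -ge 7 ]; then echo patched
        else echo unpatched; fi
        return 0
    fi
    if min=$(fixed_patchlevel "$series"); then
        if [ "$patch" -ge "$min" ]; then echo patched
        else echo unpatched; fi
    else
        echo unknown                  # series not covered by the article
    fi
}

# Report for the running kernel (only meaningful on an arm64 host).
bhb_fix_status "$(uname -r)"
```

A result of `unknown` means the series is not one of those named in the article, not that the kernel is unaffected.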