Fedora Project Continues to Work on Mitigating Meltdown & Spectre Security Flaws

Laura Abbott, Fedora Kernel Engineer at Red Hat, explains what has been done so far to mitigate both Meltdown and Spectre attacks on supported Fedora Linux distributions. As Meltdown is easier to fix than Spectre, the KPTI (Kernel Page-table Isolation) patches have already reached the Fedora Linux repositories, while the Indirect Branch Restricted Speculation (IBRS) patches for Spectre are on their way. One way to mitigate one of the variants of the Spectre vulnerability is to implement retpoline support in the kernel, which won’t allow speculation by the CPU. Abbott says that retpoline kernel support is coming in the next few days for all supported Fedora releases to give users a certain degree of protection against Spectre attacks, but there’s a lot more to be done for complete protection.