Incorrect indirect branch prediction barrier in the Linux Kernel
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
Affected products
- <a664ec9158eeddd75121d39c9a0758016097fa96
Matching in nixpkgs
pkgs.coq-kernel
None
pkgs.kernelshark
GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem
-
nixos-unstable -
- nixpkgs-unstable 2.4.0
pkgs.linuxPackages.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxPackages.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.kernel-hardening-checker
Tool for checking the security hardening options of the Linux kernel
-
nixos-unstable -
- nixpkgs-unstable 0.6.10.2
pkgs.linuxPackages.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_lqx.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.linuxPackages_zen.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.python312Packages.kernels
Load compute kernels from the Huggingface Hub
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.python313Packages.kernels
Load compute kernels from the Huggingface Hub
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.linuxPackages.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxPackages-libre.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxPackages-libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.python312Packages.ipykernel
IPython Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 6.30.1
pkgs.python313Packages.ipykernel
IPython Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 6.30.1
pkgs.linuxPackages_latest.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxPackages_lqx.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_xanmod.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxPackages_xanmod.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxPackages_zen.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.python312Packages.nix-kernel
Simple jupyter kernel for nix-repl
-
nixos-unstable -
- nixpkgs-unstable 2020-04-26
pkgs.python313Packages.nix-kernel
Simple jupyter kernel for nix-repl
-
nixos-unstable -
- nixpkgs-unstable 2020-04-26
pkgs.python312Packages.bash-kernel
Bash Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.python313Packages.bash-kernel
Bash Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.haskellPackages.ipython-kernel
A library for creating kernels for IPython frontends
-
nixos-unstable -
- nixpkgs-unstable 0.11.0.0
pkgs.linuxPackages-libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_lqx.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.linuxPackages_zen.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.rocmPackages.composable_kernel
Performance portable programming model for machine learning tensor operators
-
nixos-unstable -
- nixpkgs-unstable 6.4.0-unstable-2024-12-20
pkgs.linuxPackages_latest.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_xanmod.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.gnomeExtensions.kernel-indicator
Display the kernel version in the top bar
-
nixos-unstable -
- nixpkgs-unstable 4
pkgs.linuxPackages-libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.python312Packages.ansible-kernel
Ansible kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python312Packages.spyder-kernels
Jupyter kernels for Spyder's console
-
nixos-unstable -
- nixpkgs-unstable 3.1.0b1
pkgs.python313Packages.ansible-kernel
Ansible kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python313Packages.spyder-kernels
Jupyter kernels for Spyder's console
-
nixos-unstable -
- nixpkgs-unstable 3.1.0b1
pkgs.rocmPackages_6.composable_kernel
Performance portable programming model for machine learning tensor operators
-
nixos-unstable -
- nixpkgs-unstable 6.4.0-unstable-2024-12-20
pkgs.linuxPackages_latest.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxPackages_xanmod.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxPackages_latest-libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.python312Packages.jupyter-c-kernel
Minimalistic C kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.python313Packages.jupyter-c-kernel
Minimalistic C kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.linuxPackages_xanmod_stable.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxPackages_latest-libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_4.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-5.4.299
pkgs.linuxKernel.packages.linux_5_4.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-5.4.299
pkgs.linuxKernel.packages.linux_6_1.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.1.152
pkgs.linuxKernel.packages.linux_6_1.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.1.152
pkgs.linuxKernel.packages.linux_6_6.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.6.106
pkgs.linuxKernel.packages.linux_6_6.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.6.106
pkgs.linuxKernel.packages.linux_lqx.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.linuxKernel.packages.linux_zen.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.linuxPackages_xanmod_stable.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_10.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-5.10.244
pkgs.linuxKernel.packages.linux_5_10.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-5.10.244
pkgs.linuxKernel.packages.linux_5_15.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-5.15.193
pkgs.linuxKernel.packages.linux_5_15.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-5.15.193
pkgs.linuxKernel.packages.linux_6_12.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxKernel.packages.linux_6_12.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxKernel.packages.linux_6_16.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxPackages_latest-libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxKernel.packages.linux_libre.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxKernel.packages.linux_libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxPackages_xanmod_stable.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.home-assistant-component-tests.hardkernel
Open source home automation that puts local control and privacy first
-
nixos-unstable -
- nixpkgs-unstable 2025.9.3
pkgs.linuxKernel.packages.linux_5_4.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_1.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_6.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_lqx.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_xanmod.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxKernel.packages.linux_xanmod.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxKernel.packages.linux_zen.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_10.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_15.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_12.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_16.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_4.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-5.4.299
pkgs.linuxKernel.packages.linux_6_1.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.1.152
pkgs.linuxKernel.packages.linux_6_6.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.6.106
pkgs.linuxKernel.packages.linux_hardened.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.43
pkgs.linuxKernel.packages.linux_hardened.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.43
pkgs.linuxKernel.packages.linux_libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_lqx.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.linuxKernel.packages.linux_zen.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.linuxKernel.packages.linux_5_10.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-5.10.244
pkgs.linuxKernel.packages.linux_5_15.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-5.15.193
pkgs.linuxKernel.packages.linux_6_12.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxKernel.packages.linux_6_16.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxKernel.packages.linux_xanmod.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxKernel.packages.linux_hardened.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_xanmod.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxKernel.packages.linux_latest_libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.43
pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.43
pkgs.linuxKernel.packages.linux_hardened.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.43
pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxKernel.packages.linux_latest_libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_12_hardened.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_xanmod_stable.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_latest_libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.43
pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@dotlambda Robert Schütz <rschuetz17@gmail.com>
-
@erdnaxe Alexandre Iooss <erdnaxe@crans.org>
-
@basvandijk Bas van Dijk <v.dijk.bas@gmail.com>
-
@Sigmanificient Yohann Boniface <sigmanificient@gmail.com>
-
@fsagbuya Florian Agbuya <fa@m-labs.ph>
-
@amarshall Andrew Marshall <andrew@johnandrewmarshall.com>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
-
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
-
@thomasjm Tom McLaughlin <tom@codedown.io>
-
@osbm Osman Bayram <osmanfbayram@gmail.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@Flakebi Sebastian Neubauer <flakebi@t-online.de>
-
@mschwaig Martin Schwaighofer <mschwaig+nixpkgs@eml.cc>
-
@GZGavinZhao Gavin Zhao