A Slew Of Stable Kernel Updates Issued For Addressing MBS / Zombieload Vulnerabilities

Following today's disclosure of the new MDS vulnerabilities affecting Intel CPUs, a slew of new Linux kernel stable releases have been issued.

Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with these now public mitigation patches that pair with Intel's CPU microcode for mitigating this latest set of speculative execution side-channel vulnerabilities.

Greg wrote:

All users of the 5.1 kernel series must upgrade. Well, kind of, let me rephrase that...

All users of Intel processors made since 2011 must upgrade.

Note, this release, and the other stable releases that are all being released right now at the same time, just went out all contain patches that have only seen the "public eye" for about 5 minutes. So be forwarned, they might break things, they might not build, but hopefully they fix things. Odds are we will be fixing a number of small things in this area for the next few weeks as things shake out on real hardware and workloads. So don't think you are done updating your kernel, you never are done with that :)

Go fetch from Kernel.org.

Yes, I'll be running some benchmarks of this latest mitigation work... Supposedly up to 10% performance penalty for MDS. Benchmarks out later this week.