
The developers have released updates for several versions of the Linux kernel, including 6.14.7 and other actively maintained releases. The latest builds pay particular attention to addressing a vulnerability affecting ARM64-based systems.
The issue in question is the Training Solo vulnerability, discovered last week. It impacts Intel processors as well as certain Arm core models. A patch has been merged into the mainline Linux tree to implement a mitigation mechanism against Branch History Buffer (BHB) attacks for the classic Berkeley Packet Filter (cBPF).
The changes pertain to code generated via Just-In-Time (JIT) compilation for cBPF programs. These programs can be loaded by unprivileged users through various interfaces, including seccomp. Existing methods for disabling BHB attack mitigations would also inadvertently prevent the integration of these new security mechanisms into JIT-compiled code.
Notably, cBPF programs loaded by processes with SYS_ADMIN privileges are not subjected to the additional safeguards, as such processes already have access to eBPF programs offering equivalent functionality. The developers have also updated the set of values for the parameter k used by local CPU mitigation mechanisms, based on the latest data from Arm’s official documentation.
The patches for the ARM64 platform are included in today’s kernel releases: the base version 6.14.7, as well as the long-term support branches 6.12.29 LTS, 6.6.91 LTS, and 6.1.139 LTS. These same protections will also be incorporated into the forthcoming release candidate of Linux 6.15-rc7, expected to arrive within the next few hours.
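For administrators checking a fleet against the releases listed above, the following added example (not code from the kernel project) classifies an upstream kernel release string per stable branch. The function names are hypothetical, and it assumes unmodified upstream version numbering: distribution kernels that backport fixes need the vendor's advisory instead, and branches not named in the article, including 6.15 release candidates, are reported as unknown-branch.

```shell
#!/bin/sh
# Fixed releases, taken from the article text.
FIXED_RELEASES="6.14.7 6.12.29 6.6.91 6.1.139"

# Print "patched", "unpatched" or "unknown-branch" for a kernel release
# string such as "6.12.28" or "6.6.91-custom" (hypothetical helper).
cbpf_bhb_fix_status() {
    rel=${1%%[-+_]*}                 # drop local suffix, e.g. "-custom"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;              # "6.14" is treated as "6.14.0"
    esac
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo "unknown-branch"; return 0 ;;
    esac
    for fixed in $FIXED_RELEASES; do
        f_branch=${fixed%.*}         # e.g. "6.12"
        f_patch=${fixed##*.}         # e.g. "29"
        if [ "$major.$minor" = "$f_branch" ]; then
            if [ "$patch" -ge "$f_patch" ]; then
                echo "patched"
            else
                echo "unpatched"
            fi
            return 0
        fi
    done
    echo "unknown-branch"
}

# Report the running host: release status plus the kernel's own
# Spectre v2 status line from sysfs, if the file is readable.
report_host() {
    if [ "$(uname -m)" != "aarch64" ]; then
        echo "not an arm64 host"
        return 0
    fi
    echo "kernel $(uname -r): $(cbpf_bhb_fix_status "$(uname -r)")"
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$f" ]; then echo "spectre_v2: $(cat "$f")"; fi
}

if [ "${1:-}" = "--host" ]; then report_host; fi
```

Run the script with `--host` on the machine being checked, or call `cbpf_bhb_fix_status` with release strings collected from inventory.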