Oracle has updated UEK4 (Unbreakable Enterprise Kernel) to include support for retpoline, which can mitigate Spectre on all processors affected by the Variant 2 vulnerability.
Meltdown and Spectre come in three variants (V1, V2 and V3). Variant 2 is the Spectre variant that affects the Linux kernel. The Spectre CPU bug can affect Intel, ARM and AMD processors. It works by tricking the processor into executing instructions that it otherwise should not have been able to. This grants hackers access to sensitive and critical information held in other applications’ memory.
Since Spectre exists in hardware, it is hard to patch. Oracle is the first company within the Red Hat community to release a retpoline-enabled kernel, UEK4, that can remediate the vulnerability. Retpoline is a compile-time option: the Linux kernel is built so that its indirect calls are performed through a sequence that stops the processor from speculating on their targets.
Most of the tech giants released updates and patches to fix these vulnerabilities, but they didn’t seem to work well with the systems. While Red Hat’s fixes for AMD processors exploited the CPUs, fixes from Intel had an impact on performance.
“For corporate users and others with mandated patch schedules over a large number of servers, the UEK now seems to be the only solution for complete Spectre coverage on all CPUs. The UEK brings a number of other advantages over the “Red Hat-Compatible Kernel” (RHCK), but this patch response is likely to drive Oracle deeply into the Red Hat community should they remain the single source,” as per Linux Journal.
The retpoline-enabled Unbreakable Enterprise Kernel works on both Oracle Linux 6 and Oracle Linux 7.
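For the multi-server patch rollouts mentioned above, one way to confirm that a booted kernel actually reports retpoline for Variant 2 is to read the kernel's own status line. This is an added example, not Oracle's tooling: it assumes the kernel exposes the upstream sysfs file `/sys/devices/system/cpu/vulnerabilities/spectre_v2` (the page does not say whether a given UEK4 build does), and the host names and status lines in the sample inventory are constructed in the upstream format.

```shell
#!/bin/sh
# Assumption: upstream sysfs path; not confirmed by the page for UEK4.
SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS -> prints one of:
#   retpoline | other-mitigation | vulnerable | not-affected | unknown
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)            echo not-affected ;;
        # "Vulnerable: Minimal generic ASM retpoline" means the compiler had
        # no retpoline support, so test this before matching "retpoline".
        Vulnerable*)                echo vulnerable ;;
        Mitigation:*[Rr]etpoline*)  echo retpoline ;;
        Mitigation:*)               echo other-mitigation ;;
        *)                          echo unknown ;;
    esac
}

# report_host: classify the running kernel; "unknown" if the file is absent.
report_host() {
    if [ -r "$SPECTRE_V2_FILE" ]; then
        classify_spectre_v2 "$(cat "$SPECTRE_V2_FILE")"
    else
        echo unknown
    fi
}

# hosts_without_retpoline: stdin lines are "hostname status text...";
# prints each hostname whose status is neither retpoline nor not-affected.
hosts_without_retpoline() {
    while read -r host status; do
        [ -n "$host" ] || continue
        case "$(classify_spectre_v2 "$status")" in
            retpoline|not-affected) ;;
            *) echo "$host" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical hosts, collected status lines).
SAMPLE_INVENTORY='ol6-db01 Mitigation: Full generic retpoline
ol7-app02 Vulnerable: Minimal generic ASM retpoline
ol7-web03 Vulnerable
ol7-web04 Mitigation: Full AMD retpoline'

echo "this host: $(report_host)"
printf '%s\n' "$SAMPLE_INVENTORY" | hosts_without_retpoline
```

A host reporting `vulnerable` after the update usually means it has not been rebooted into the new kernel or the kernel was built without compiler retpoline support.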
To reduce the risks associated with Meltdown and Spectre, Intel has made another move: redesigning its upcoming next-generation processors (8th Generation Xeon and Core processor chips).