abarbarian Posted January 23 Posted January 23 Intel & AMD Devs Address Bad Linux Kernel Code From Microsoft Dev Quote Intel and AMD developers fixed a major issue in the Linux 6.13 release, an issue that was caused by a bad commit from a Microsoft developer. Quote Unfortunately, the code interfered with Control Clow Integrity (CFI), an anti-malware feature that is critical to maintaining Linux security. Quote Performance should not come at the expense of security, which is exactly what would have happened if this patch had slipped through. Luckily linux devs are on the ball, spotting the mistake and stopping it. 1 Quote
securitybreach Posted January 23 Posted January 23 And even stopping it before 6.13 stable was released. https://kernel.org/ Quote
abarbarian Posted January 24 Author Posted January 24 19 hours ago, securitybreach said: And even stopping it before 6.13 stable was released. https://kernel.org/ Yes the kernel devs were certainly on the ball in stopping its inclusion. However it raises the question of how it got there in the first place and why it still remains in place albeit disabled. Intel, AMD engineers rush to save Linux 6.13 after dodgy Microsoft code change Quote Microsoft is notable for dubious quality control standards regarding releases of its flagship operating system, Windows. That one of its engineers should drop some dodgy code into the Linux kernel is not hugely surprising, and the unfortunate individual is not the first and will not be the last to do so, regardless of their employer. Quote However, the processes that allowed it to remain in the build this close to public release will be a concern. While it is amusing that engineers from both Intel and AMD were involved in dealing with the issues arising from the contribution of a Microsoft engineer, and the problem never reached the stable release, it is concerning. Petkov will not be the only one wondering how the change made it in without a review by the Linux x86/x86_64 maintainers. Letting Microsoft anywhere near the linux kernel or the linux world was always a recipe for disaster. All Microsoft care about is money and how to get it at any cost. Penguins beware. 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.