As reported by The Register, Torvalds published a blog post detailing the work, saying that the fix wasn’t that easy to build, and that the team will have to push the release of the next patch by at least a week.
“When we’ve had one of those embargoed [hardware] issues pending, the patches didn’t get the open development, and then as a result missed all the usual sanity checking by all the automation build and test infrastructure we have,” Torvalds wrote.
“So no surprise – there’s been various small fixup patches afterwards too for some corner cases.”
Last week, two researchers from ETH Zurich discovered the flaw, saying it allowed potential threat actors access to the kernel memory of an endpoint, which essentially means access to sensitive data such as passwords. The flaw is particularly risky in cloud environments, the researchers further said, where multiple companies share the same systems. In other words, one vulnerability could expose the secrets of multiple companies.
As with Spectre and Meltdown, the flaws that shook the very foundation of the computing world four years ago, the patch for Retbleed will inevitably slow the processors down.
But Retbleed is just one of the reasons for the delay in the distribution of the patch, Torvalds further explained.
“Last week there were two other development trees that independently also asked for an extension, so 5.19 will be one of those releases that have an additional rc8 next weekend before the final release,” Torvalds said.
“When it rains it pours,” he added. “Not that things really look all that bad. I think we’ve got the Retbleed fallout all handled (knock wood).”
The two things developers were working on are the btrfs filesystem and the firmware for controllers for Intel GPUs. These issues did not create any particular complications, Torvalds concluded, adding “it’s not like we have any huge issues, but an extra week is most definitely called for.”