Linux Kernel 5.18.14 is out to help us again with CPU bugs

Researchers have found new ways to exploit the branch prediction mechanism of modern processors, so here is the kernel's response.

The CPU vulnerability mitigation framework in the Linux kernel is already mature enough, and it has been helping us track and choose an adequate mitigation strategy, usually in the form of a "speed vs. safety" compromise.

Recent CVEs (namely CVE-2022-29900 and CVE-2022-29901, for AMD and Intel CPUs respectively) demonstrate that the previous mitigation mechanisms against "Spectre" attacks can still be bypassed. These micro-architectural flaws are now addressed in the kernel.

For affected Intel CPUs (Skylake, Kabylake, Icelake, Cometlake, Lakefield, Cannonlake and Rocketlake generations), the mitigation adds a retbleed kernel command line parameter and lets you choose between the IBRS and Enhanced IBRS variants. "IBRS" stands for Indirect Branch Restricted Speculation; in simple words, it means keeping the CPU from speculating too aggressively, and it is the only known remedy against exploiting RSB (Return Stack Buffer) underflow.

Similarly, for affected AMD CPUs (0x15, 0x16 and 0x17 families) the same retbleed parameter was added and can take one of the following values: off, auto and unret (meaning the "JMP2RET" mitigation, or "untrained return thunk" in some literature).
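Whichever value you boot with, the useful follow-up is to confirm what the running kernel actually selected. The script below is an added example, not code from the article or from the kernel tree: it reads the retbleed= setting from a kernel command line, reports the per-vulnerability status files the kernel exposes under /sys/devices/system/cpu/vulnerabilities, and turns the retbleed line into a short verdict. The sysfs path and the "Not affected" / "Vulnerable" / "Mitigation: ..." prefixes are the kernel's standard reporting convention; the function names, the file name retbleed_check.sh and the sample values in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the article): check how the running kernel
# is handling retbleed. Function and file names are this example's own.

# Print the value of retbleed= from a kernel command line string.
# The last occurrence wins, matching how the kernel parses repeated
# parameters. Prints "unset" when the parameter is absent (kernel default: auto).
retbleed_cmdline_value() {
    cmdline="$1"
    value=unset
    for tok in $cmdline; do
        case "$tok" in
            retbleed=*) value="${tok#retbleed=}" ;;
        esac
    done
    printf '%s\n' "$value"
}

# Turn one sysfs vulnerability status line into a short verdict.
# Kernel status lines start with "Not affected", "Vulnerable" (optionally
# followed by ": <reason>") or "Mitigation: <name>".
retbleed_verdict() {
    status="$1"
    case "$status" in
        "Not affected") echo "ok: not affected" ;;
        Mitigation:*)   echo "ok: ${status#Mitigation: }" ;;
        Vulnerable*)    echo "ACTION: $status" ;;
        *)              echo "unknown: $status" ;;
    esac
}

# List every vulnerability file in a sysfs directory (default: the live one)
# as "<name> <status>", one per line.
report_vulnerabilities() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir" >&2; return 1; }
    for f in "$dir"/*; do
        name=$(basename -- "$f")
        status=$(cat -- "$f")
        printf '%-22s %s\n' "$name" "$status"
    done
}

# Live report: command line setting, all status files, retbleed verdict.
main() {
    echo "retbleed= on the kernel command line: $(retbleed_cmdline_value "$(cat /proc/cmdline)")"
    report_vulnerabilities
    rb=/sys/devices/system/cpu/vulnerabilities/retbleed
    if [ -r "$rb" ]; then
        retbleed_verdict "$(cat "$rb")"
    else
        echo "kernel does not report retbleed (older kernel?)" >&2
    fi
}

# Run the live report only when executed as retbleed_check.sh; sourcing the
# file just defines the functions for reuse in other scripts.
case "${0##*/}" in
    retbleed_check.sh) main ;;
esac
```

Save it as retbleed_check.sh and run it as root or any user that can read /proc/cmdline and sysfs. A "Vulnerable" verdict with an empty or off command line value means the CPU is affected and no mitigation is active; a "Mitigation:" verdict tells you which of the variants described above the kernel chose.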

Finally, apart from adding newly identified vulnerable CPUs, certain existing vulnerability mitigation mechanisms were improved.

Useful Links