Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of the indirect branch tracker (IBT) can lead to a deadlock situation. An indirect branch instruction puts the CPU's IBT into the WAIT_FOR_ENDBRANCH (WFE) state, which is then improperly maintained across instruction boundaries. During the 'kernel IBT no ENDBR' self-test, which intentionally triggers #CP faults, the WFE state must be cleared so that execution does not get stuck in a loop. The Interrupt Descriptor Table (IDT) does not retain the WFE state, but the FRED mechanism does, so software must clear it manually. If it does not, the CPU repeatedly enters a dead loop.
This vulnerability can cause the CPU to enter a dead loop, continuously raising 'missing-ENDBRANCH' #CP faults, effectively halting execution.
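A simplified user-space model of the behavior described above, added here as an illustration and not taken from the kernel source. The names `event_frame`, `cp_handler` and `count_cp_faults` are hypothetical, and the fault cap stands in for the endless loop.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only: how the event is delivered to the #CP handler. */
enum delivery { DELIVER_IDT, DELIVER_FRED };

/* Stand-in for the saved event frame; only FRED records WFE in it. */
struct event_frame { bool wfe; };

/* Self-test #CP handler: the fix is to clear the saved WFE bit. */
static void cp_handler(struct event_frame *frame, bool clear_wfe)
{
    if (clear_wfe)
        frame->wfe = false;
}

/*
 * An indirect branch has landed on an instruction that is not ENDBR.
 * Returns how many missing-ENDBRANCH #CP faults are raised before the
 * instruction can execute, giving up after `cap` faults (the dead loop).
 */
int count_cp_faults(enum delivery mode, bool clear_wfe, int cap)
{
    bool wfe = true;              /* set by the indirect branch */
    int faults = 0;

    while (wfe && faults < cap) { /* WFE set + non-ENDBR target => #CP */
        struct event_frame frame;

        faults++;
        /* IDT delivery does not retain WFE; FRED saves it in the frame. */
        frame.wfe = (mode == DELIVER_FRED) ? wfe : false;
        cp_handler(&frame, clear_wfe);
        /* Event return: the tracker state comes back from the frame. */
        wfe = frame.wfe;
    }
    return faults;
}

int main(void)
{
    printf("IDT, handler leaves WFE:  %d fault(s)\n",
           count_cp_faults(DELIVER_IDT, false, 1000));
    printf("FRED, handler leaves WFE: %d fault(s), cap reached\n",
           count_cp_faults(DELIVER_FRED, false, 1000));
    printf("FRED, handler clears WFE: %d fault(s)\n",
           count_cp_faults(DELIVER_FRED, true, 1000));
    return 0;
}
```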