Huh? It isn't to me. Can someone clarify on this?
- To what extent is this fixed by the mitigations which the kernel provides for the Intel bugs? What do I have to add to my kernel command line?
- Where did he get the binary from? VirusTotal doesn't allow arbitrary people to download binaries which someone else uploaded, does it?
One of which is you can see what files are "parents" of the sample. In this case, there are a bunch of zip files that contain this file, all named Immunity Canvas or similar. Canvas is a pentesting tool where they publish exploits, so I guess he's saying you can attribute it to Immunity.
And yes, VirusTotal lets you download the file if you pay. It's the foundation of the "threat-intelligence" industry :)
I remember Immunity advertising about an exploit for spectre they have, and it's easy to find:
Very likely that this is what the top poster found.
Indeed, so it is critical to never upload any binaries to them that you do not have full permission to redistribute. Nowadays they are very open about the sharing, but in the past this was kind of hidden.
Not sure if that's good, bad, or something else, though. :)
The key part of this post is "In my lab, on a vulnerable Fedora" which means that the author is using an old, known-vulnerable version of Fedora on which to do their testing.
You don't have to do anything other than be running a reasonably modern version of the kernel that gets updates from -stable or from your distro.
BTW, this is a Spectre-v1-style exploit. These are EXTREMELY widespread across lots of processors with conditional branch speculation. It's (relatively) unrelated to the family of things like MDS or Spectre-v2 where microcode updates were issued.
Disclaimer: I work on Linux at Intel, occasionally on mitigation for this stuff.
Paranoid users of Ubuntu and Debian can install this package:
https://packages.debian.org/bullseye/hardening-runtime . Then reboot.
It disables SMT, so independently of mitigations you won’t be vulnerable, but of course Hyper-Threading will be gone.
The in-kernel Spectre-v1 mitigations, like:
are cheap and ubiquitous. You don't have to turn them on, and they're so cheap you can't even turn them off if you wanted.
Disclaimer: I work on Linux at Intel.
Supports Fedora, Arch, Debian, and openSUSE.
Has GNOME, Firefox, kernel cmdline, sysctl, firewalld, NetworkManager, and systemd unit hardening among other things.
Goes well with firejail (am a developer of): https://github.com/netblue30/firejail
No SMT, no sharing of TLBs and L1s (I know that writing it this way is a gross oversimplification).
I'd favor the kernel command line path over using a package, any ideas on which are needed to fix this particular exploit kit at hand?
You can test your (linux/bsd) system with the following:
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018.
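As an added example (not part of any comment in this thread, and not the script referred to above), here is a short shell sketch that reads the status a Linux kernel reports about itself under `/sys/devices/system/cpu`, covering the two points raised in the thread: whether Spectre-v1 shows as mitigated without extra command-line options, and whether SMT is active. The function names are hypothetical, and the sysfs root can be overridden so the logic can be run against constructed files.

```shell
#!/bin/sh
# Added example: summarize the kernel's own speculative-execution report.
# Assumes the standard Linux sysfs layout; function names are hypothetical.

classify_status() {
    # Map one sysfs status line to a coarse verdict.
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

vuln_status() {
    # $1 = entry name (e.g. spectre_v1), $2 = optional sysfs cpu root
    root="${2:-/sys/devices/system/cpu}"
    file="$root/vulnerabilities/$1"
    if [ -r "$file" ]; then
        classify_status "$(cat "$file")"
    else
        echo unreported   # kernel does not expose this entry
    fi
}

smt_active() {
    # $1 = optional sysfs cpu root
    root="${1:-/sys/devices/system/cpu}"
    ctl="$root/smt/control"
    [ -r "$ctl" ] || { echo unknown; return; }
    case "$(cat "$ctl")" in
        on) echo yes ;;
        off|forceoff|notsupported|notimplemented) echo no ;;
        *) echo unknown ;;
    esac
}

report() {
    # One line per entry: name, verdict, and the kernel's raw text.
    root="${1:-/sys/devices/system/cpu}"
    for f in "$root"/vulnerabilities/*; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        printf '%-28s %-12s %s\n' "$name" \
            "$(vuln_status "$name" "$root")" "$(cat "$f")"
    done
    printf '%-28s %s\n' "SMT active" "$(smt_active "$root")"
}

report "$@"
```

An entry reported as `unknown` means the status line did not start with one of the three recognized prefixes; read the raw text in the third column in that case.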
Only the people that pay them.
The Linux one at least is from the CANVAS product by Immunity Inc.
/home/user/Downloads/Immunity Canvas 7.26/Immunity Canvas 7.26/exploits/local/unix/spectre_file_leak/bin