Security News > 2022 > July > Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant

Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant
2022-07-12 16:00

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place.

"Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions," explained Wikner and Razavi in a draft blog post about the design bug provided to The Register.

During the course of their Retbleed investigation, Wikner, Razavi, and another ETH Zurich researcher Daniël Trujillo, discovered that AMD CPU cores perform phantom jumps: these are branch predictions being made without a branch instruction actually present.

Retbleed has been designated CVE-2022-29900 for AMD, and CVE-2022-29901 and CVE-2022-28693 for Intel.

At noon Pacific Time today, AMD is due to publish a white paper on its analysis of Retbleed and technical guidance for programmers to ensure their code isn't vulnerable to side-channel attack.

In short, ensure you're running the latest OS updates and processor microcode to ensure you have adequate defenses against Retbleed, and if you're a developer, particularly a kernel programmer, check the technical guidance from Intel and AMD to prevent the shipping of exploitable privileged code.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/12/amd_intel_retbleed/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2022-29901 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data.
local
low complexity
intel xen fedoraproject vmware debian CWE-668
6.5
2022-07-12 CVE-2022-29900 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
local
low complexity
xen debian fedoraproject amd CWE-212
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539
AMD 892 5 120 122 27 274