Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant
Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place.
"Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions," explained Wikner and Razavi in a draft blog post about the design bug provided to The Register.
During their Retbleed investigation, Wikner, Razavi, and another ETH Zurich researcher, Daniël Trujillo, discovered that AMD CPU cores perform phantom jumps: branch predictions made without a branch instruction actually being present.
Retbleed has been designated CVE-2022-29900 for AMD, and CVE-2022-29901 and CVE-2022-28693 for Intel.
At noon Pacific Time today, AMD is due to publish a white paper on its analysis of Retbleed and technical guidance for programmers to ensure their code isn't vulnerable to side-channel attacks.
In short, run the latest OS updates and processor microcode so that you have adequate defenses against Retbleed, and if you're a developer, particularly a kernel programmer, check the technical guidance from Intel and AMD to avoid shipping exploitable privileged code.
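One way to verify the result of those updates on a Linux host, as an added example that is not from the article: patched Linux kernels report their Retbleed status in sysfs, and the script below classifies that status line. The sysfs path and the status wording are assumptions about Linux, which the article does not mention; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Retbleed status line.
# Assumption: the kernel exposes the status at this sysfs path.
RETBLEED_SYSFS="/sys/devices/system/cpu/vulnerabilities/retbleed"

# classify_retbleed STATUS -> prints one of:
#   not_affected | mitigated | mitigated_smt_exposed | vulnerable | unknown
classify_retbleed() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)
            # A mitigation can be active while sibling threads stay exposed.
            case "$1" in
                *"SMT vulnerable"*) echo mitigated_smt_exposed ;;
                *) echo mitigated ;;
            esac ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# check_retbleed [PATH] -> read the first line of the status file and classify it.
# A missing file means the kernel predates Retbleed reporting: report unknown.
check_retbleed() {
    path="${1:-$RETBLEED_SYSFS}"
    line=""
    if [ -r "$path" ]; then
        IFS= read -r line < "$path" || true
        classify_retbleed "$line"
    else
        echo unknown
    fi
}

# advice VERDICT -> one-line next step, following the article's guidance.
advice() {
    case "$1" in
        not_affected|mitigated) echo "no action needed for Retbleed" ;;
        mitigated_smt_exposed)  echo "mitigated, but review SMT settings" ;;
        vulnerable)             echo "apply OS and microcode updates" ;;
        *)                      echo "kernel does not report Retbleed; update the OS" ;;
    esac
}

verdict=$(check_retbleed)
echo "retbleed: $verdict ($(advice "$verdict"))"
```

Run it before and after patching: a host that moves from `unknown` or `vulnerable` to `mitigated` has picked up the kernel-side defenses.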
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/12/amd_intel_retbleed/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-29901 | Exposure of Resource to Wrong Sphere vulnerability in multiple products. Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. | 6.5 |
2022-07-12 | CVE-2022-29900 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 |