Security News > 2022 > July > New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs
2022-07-14 08:42

Retbleed is also the latest addition to a class of Spectre attacks known as Spectre-BTI, which exploit the side effects of an optimization technique called speculative execution by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information.

Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next in order to gain a performance boost, while also undoing the results of the execution should the guess turn out to be wrong.

While safeguards like Retpoline have been devised to prevent branch target injection, Retbleed is designed to get around this countermeasure and achieve speculative code execution.

"Retbleed aims to hijack a return instruction in the kernel to gain arbitrary speculative code execution in the kernel context. With sufficient control over registers and/or memory at the victim return instruction, the attacker can leak arbitrary kernel data."

The core idea, in a nutshell, is to treat return instructions as an attack vector for speculation execution and force the returns to be predicted like indirect branches, effectively undoing protections offered by Retpoline.

As a new line of defense, AMD has introduced what's referred to as Jmp2Ret, while Intel has recommended using enhanced Indirect Branch Restricted Speculation to address the potential vulnerability even if Retpoline mitigations are in place.


News URL

https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539
AMD 821 5 111 109 26 251