
New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs
2022-07-14 08:42

Retbleed is the latest addition to the class of Spectre attacks known as Spectre-BTI (branch target injection). These attacks exploit the side effects of an optimization technique called speculative execution, observed through a timing side channel, to trick a program into accessing arbitrary locations in its memory space and leak private information.

Speculative execution keeps a program's instruction pipeline full by predicting which instruction will be executed next and running it ahead of time for a performance boost, undoing the results of that execution should the guess turn out to be wrong.

While safeguards like Retpoline have been devised to prevent branch target injection, Retbleed is designed to get around this countermeasure and achieve speculative code execution.

"Retbleed aims to hijack a return instruction in the kernel to gain arbitrary speculative code execution in the kernel context. With sufficient control over registers and/or memory at the victim return instruction, the attacker can leak arbitrary kernel data."

The core idea, in a nutshell, is to treat return instructions as an attack vector for speculative execution and force the returns to be predicted like indirect branches, effectively undoing the protection offered by Retpoline.

As a new line of defense, AMD has introduced what's referred to as Jmp2Ret, while Intel has recommended using enhanced Indirect Branch Restricted Speculation (eIBRS) to address the potential vulnerability even if Retpoline mitigations are in place.
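A defender's first question after reading the above is whether a given Linux host actually reports one of these mitigations. The script below is an added example, not part of the article or any vendor advisory: it classifies the status string that Linux kernels carrying the Retbleed fixes expose in sysfs, and the sample strings it exercises are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): classify the Retbleed mitigation state
# reported by the Linux kernel. The sysfs file below is exported by kernels that
# include the Retbleed patches; the sample strings further down are constructed.
RETBLEED_SYSFS=/sys/devices/system/cpu/vulnerabilities/retbleed

# classify_retbleed STATUS_STRING -> prints one of:
#   not_affected | mitigated | mitigated_smt_exposed | vulnerable | unknown
# Order matters: a "Mitigation:" line that still says "SMT vulnerable" is only
# a partial mitigation, so that case is checked before the generic one.
classify_retbleed() {
    case "$1" in
        "Not affected"*)                 echo not_affected ;;
        Mitigation:*"SMT vulnerable"*)   echo mitigated_smt_exposed ;;
        Mitigation:*)                    echo mitigated ;;
        Vulnerable*)                     echo vulnerable ;;
        *)                               echo unknown ;;
    esac
}

# check_host: read the live sysfs file if present. A kernel that predates the
# Retbleed patches has no such file, which also means it has no mitigation.
check_host() {
    if [ -r "$RETBLEED_SYSFS" ]; then
        classify_retbleed "$(cat "$RETBLEED_SYSFS")"
    else
        echo unknown
    fi
}

# Constructed sample values in the kernel's reporting format, to exercise the classifier.
for sample in "Not affected" \
              "Mitigation: Enhanced IBRS" \
              "Mitigation: untrained return thunk; SMT vulnerable" \
              "Vulnerable"; do
    printf '%-52s -> %s\n' "$sample" "$(classify_retbleed "$sample")"
done
printf 'this host: %s\n' "$(check_host)"
```

A result of unknown on a real host deserves a follow-up, since it usually means the kernel is too old to know about Retbleed at all.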


News URL

https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6799 271 744 378 28 1421
AMD 746 28 115 79 22 244