Retbleed

Speculative execution attack on x86–64 processors

2022-29900, CVE-2022-29901, CVE-2022-28693^{[dead link]}

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips.^[1]^[2] First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was a mitigation for speculative execution attacks.^[3]

According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively.^[4] The PoC works against Intel Core 6th, 7th and 8th generation microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.^[2]

Windows is not vulnerable because the existing mitigations already tackle it.^[1] Linux kernels 5.18.14 and 5.19 contain the fixes.^[5]^[6] The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.^[7]

References

^ ^a ^b Claburn, Thomas. "AMD, Intel chips vulnerable to 'Retbleed' Spectre variant". www.theregister.com. Retrieved 2022-07-12.
^ ^a ^b ARM Developer. "Q: Are Arm CPUs affected by the RETBLEED side-channel disclosed on the 13th July 2022?". Retrieved 2022-07-13.
^ Goodin, Dan (2022-07-12). "Intel and AMD CPUs vulnerable to a new speculative execution attack". Ars Technica. Retrieved 2022-07-12.
^ ETH Zurich Computer Security Group. "Retbleed: Arbitrary Speculative Code Execution with Return Instructions". Retrieved 2022-07-13.
^ "Stable kernels 5.18.14 and 5.15.57 [LWN.net]". lwn.net. Retrieved 2022-08-06.
^ Sharwood, Simon (2022-07-17). "Torvalds: Linux kernel team has sorted Retbleed chip flaw". www.theregister.com. Retrieved 2022-09-13.
^ Michael Larabel (2022-07-24). "Linux x86 32-bit Is Vulnerable To Retbleed But Don't Expect It To Get Fixed". phoronix.com.

External links

Retbleed: Arbitrary Speculative Code Execution with Return Instructions
Original Retbleed proof of concept on GitHub

Speculative execution security vulnerabilities

Variants

Bounds Check Bypass (Spectre, Variant 1)
Bounds Check Bypass Store (Spectre-NG)
Branch Target Injection (Spectre, Variant 2)
Downfall
Foreshadow
Lazy FP state restore (Spectre-NG)
Load value injection
Microarchitectural Data Sampling
Pacman
Retbleed
Rogue Data Cache Load (Meltdown, Variant 3)
Rogue System Register Read (Spectre-NG, Variant 3a)
Speculative Store Bypass (Spectre-NG, Variant 4)
Spoiler

Topics

Hacking in the 2020s

← 2010s

Timeline

2030s →

Major incidents

2020	BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach
2021	Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack
2022	Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak
2023	Munster Technological University ransomware attack Evide data breach MOVEit data breach Insomniac Games data breach Polish railway cyberattack British Library cyberattack
2024	XZ Utils backdoor