![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
ElementDave
Limp Gawd
- Joined
- May 5, 2013
- Messages
- 394
It's that time of month. Spectre returns with new vulnerabilities and corresponding performance-crippling mitigations for affected x86 Intel and AMD CPUs.
Retbleed: Arbitrary Speculative Code Execution with Return Instructions
"Retbleed (CVE-2022-29900 and CVE-2022-29901) is the new addition to the family of speculative execution attacks that exploit branch target injection to leak information, which we call Spectre-BTI. Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions. This means a great deal, since it undermines some of our current Spectre-BTI defenses."
CPUs known to be vulnerable: "We have verified that Retbleed works on AMD Zen 1, Zen 1+, Zen 2 and Intel Core generation 6–8." The authors further clarify: "If it sports an AMD CPU family 0x15–0x17 or an Intel Core generation 6–8, it is likely affected. Note that we have only tested AMD CPU family 0x17 (AMD Zen 1, Zen 1+ and Zen 2)."
Performance impact: "Our performance evaluation shows that mitigating Retbleed has unfortunately turned out to be expensive: we have measured between 14% and 39% overhead with the AMD and Intel patches respectively.."
A Linux kernel patch adds a new kernel parameter "retbleed" to control the mitigations, including an option to disable them altogether.
According to an Intel blog, "... Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment."
As one might imagine, various tech news sites have reported on the vulnerability. New working speculative execution attack sends Intel and AMD scrambling (Ars Technica)
Retbleed: Arbitrary Speculative Code Execution with Return Instructions
"Retbleed (CVE-2022-29900 and CVE-2022-29901) is the new addition to the family of speculative execution attacks that exploit branch target injection to leak information, which we call Spectre-BTI. Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions. This means a great deal, since it undermines some of our current Spectre-BTI defenses."
CPUs known to be vulnerable: "We have verified that Retbleed works on AMD Zen 1, Zen 1+, Zen 2 and Intel Core generation 6–8." The authors further clarify: "If it sports an AMD CPU family 0x15–0x17 or an Intel Core generation 6–8, it is likely affected. Note that we have only tested AMD CPU family 0x17 (AMD Zen 1, Zen 1+ and Zen 2)."
Performance impact: "Our performance evaluation shows that mitigating Retbleed has unfortunately turned out to be expensive: we have measured between 14% and 39% overhead with the AMD and Intel patches respectively.."
A Linux kernel patch adds a new kernel parameter "retbleed" to control the mitigations, including an option to disable them altogether.
According to an Intel blog, "... Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment."
As one might imagine, various tech news sites have reported on the vulnerability. New working speculative execution attack sends Intel and AMD scrambling (Ars Technica)
