Retbleed Explained

Retbleed
Cve:	,,

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips.^[1] First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was a mitigation for speculative execution attacks.^[2]

According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively.^[3] The PoC works against Intel Core 6th, 7th and 8th generation microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.^[4]

Windows is not vulnerable because the existing mitigations already tackle it. Linux kernels 5.18.14 and 5.19 contain the fixes.^[5] ^[6] The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.^[7]

External links

Notes and References

Web site: Thomas . Claburn. AMD, Intel chips vulnerable to 'Retbleed' Spectre variant . 2022-07-12 . www.theregister.com . en.
Web site: Goodin . Dan . 2022-07-12 . Intel and AMD CPUs vulnerable to a new speculative execution attack . 2022-07-12 . Ars Technica . en-us.
Web site: Retbleed: Arbitrary Speculative Code Execution with Return Instructions. ETH Zurich Computer Security Group. 2022-07-13.
Web site: Q: Are Arm CPUs affected by the RETBLEED side-channel disclosed on the 13th July 2022?. ARM Developer. 2022-07-13.
Web site: Stable kernels 5.18.14 and 5.15.57 [LWN.net] ]. 2022-08-06 . lwn.net.
Web site: Sharwood . Simon . Torvalds: Linux kernel team has sorted Retbleed chip flaw . 2022-07-17 . 2022-09-13 . www.theregister.com . en.
Web site: Linux x86 32-bit Is Vulnerable To Retbleed But Don't Expect It To Get Fixed. phoronix.com. 2022-07-24. Michael Larabel.