Misplaced Pages

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips. First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was a mitigation for speculative execution attacks.

According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively. The PoC works against Intel Core 6th, 7th and 8th generation microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.

Windows is not vulnerable because the existing mitigations already tackle it. Linux kernels 5.18.14 and 5.19 contain the fixes. The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.

References

1. ^ Claburn, Thomas. "AMD, Intel chips vulnerable to 'Retbleed' Spectre variant". www.theregister.com. Retrieved 2022-07-12.
2. ^ ARM Developer. "Q: Are Arm CPUs affected by the RETBLEED side-channel disclosed on the 13th July 2022?". Retrieved 2022-07-13.
3. Goodin, Dan (2022-07-12). "Intel and AMD CPUs vulnerable to a new speculative execution attack". Ars Technica. Retrieved 2022-07-12.
4. ETH Zurich Computer Security Group. "Retbleed: Arbitrary Speculative Code Execution with Return Instructions". Retrieved 2022-07-13.
5. "Stable kernels 5.18.14 and 5.15.57 [LWN.net]". lwn.net. Retrieved 2022-08-06.
6. Sharwood, Simon (2022-07-17). "Torvalds: Linux kernel team has sorted Retbleed chip flaw". www.theregister.com. Retrieved 2022-09-13.
7. Michael Larabel (2022-07-24). "Linux x86 32-bit Is Vulnerable To Retbleed But Don't Expect It To Get Fixed". phoronix.com.

External links

• Retbleed: Arbitrary Speculative Code Execution with Return Instructions
• Original Retbleed proof of concept on GitHub

• Transient execution CPU vulnerabilities
• Hacking in the 2020s