HOME

TheInfoList



Click Here for Items Related To - Retbleed
OR:
Retbleed on:   [Wikipedia]   [Google]   [Amazon]

Retbleed is a
speculative execution Speculative execution is an optimization technique where a computer system performs some task that may not be needed. Work is done before it is known whether it is actually needed, so as to prevent a delay that would have to be incurred by doing ...
attack on
x86-64 x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging ...
and
ARM In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between t ...
processors, including some recent
Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California, Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the devel ...
and
AMD Advanced Micro Devices, Inc. (AMD) is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets. While it initially manufact ...
chips. First made public in 2022, it is a variant of the
Spectre Spectre, specter or the spectre may refer to: Religion and spirituality * Vision (spirituality) * Apparitional experience * Ghost Arts and entertainment Film and television * ''Spectre'' (1977 film), a made-for-television film produced and writ ...
vulnerability which exploits
retpoline Spectre refers to one of the two original transient execution CPU vulnerabilities (the other being Meltdown), which involve microarchitectural timing side-channel attacks. These affect modern microprocessors that perform branch prediction and ...
, which was intended as a mitigation for speculative execution attacks. According to the researchers Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively. The PoC works against
Intel Core Intel Core is a line of streamlined midrange consumer, workstation and enthusiast computer central processing units (CPUs) marketed by Intel Corporation. These processors displaced the existing mid- to high-end Pentium processors at the time ...
6th, 7th and 8th generation microarchitectures and
AMD Zen Zen is the codename for a family of computer processor microarchitectures from AMD, first launched in February 2017 with the first generation of its Ryzen CPUs. It is used in Ryzen (desktop and mobile), Ryzen Threadripper ( workstation/high ...
1, Zen 1+, and Zen 2 microarchitectures. An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.
Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ...
is not vulnerable because the existing mitigations already tackle it.
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which i ...
kernels 5.18.14 and 5.19 contain the fixes. The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.


References


External links


Retbleed: Arbitrary Speculative Code Execution with Return Instructions

Original Retbleed proof of concept
on
GitHub GitHub, Inc. () is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, co ...
{{Hacking in the 2020s Speculative execution security vulnerabilities Hacking in the 2020s