Retbleed

See also: Transient execution CPU vulnerability
Retbleed
CVE identifiersCVE-2022-29900, CVE-2022-29901, CVE-2022-28693[dead link]

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips.[1][2] First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline (return trampoline), which was a mitigation for speculative execution attacks.[3]

According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively.[4] The PoC works against Intel Core 6th, 7th and 8th generation microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.[2]

Windows is not vulnerable because the existing mitigations already tackle it.[1] Linux kernels 5.18.14 and 5.19 contain the fixes.[5][6] The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.[7]

References

  1. ^ a b Claburn, Thomas. "AMD, Intel chips vulnerable to 'Retbleed' Spectre variant". www.theregister.com. Retrieved 2022-07-12.
  2. ^ a b ARM Developer. "Q: Are Arm CPUs affected by the RETBLEED side-channel disclosed on the 13th July 2022?". Retrieved 2022-07-13.
  3. ^ Goodin, Dan (2022-07-12). "Intel and AMD CPUs vulnerable to a new speculative execution attack". Ars Technica. Retrieved 2022-07-12.
  4. ^ ETH Zurich Computer Security Group. "Retbleed: Arbitrary Speculative Code Execution with Return Instructions". Retrieved 2022-07-13.
  5. ^ "Stable kernels 5.18.14 and 5.15.57 [LWN.net]". lwn.net. Retrieved 2022-08-06.
  6. ^ Sharwood, Simon (2022-07-17). "Torvalds: Linux kernel team has sorted Retbleed chip flaw". www.theregister.com. Retrieved 2022-09-13.
  7. ^ Michael Larabel (2022-07-24). "Linux x86 32-bit Is Vulnerable To Retbleed But Don't Expect It To Get Fixed". phoronix.com.

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.