"Retbleed" Published As Arbitrary Speculative Execution With Return Instructions

Written by Michael Larabel in Linux Security on 12 July 2022 at 01:34 PM EDT.
Made public this Patch Tuesday, "Retbleed" covers two new CVEs for the latest speculative execution attacks affecting today's hardware. Retbleed exploits return instructions and is able to undermine existing defenses against Spectre Branch Target Injection (BTI).

In particular, Retbleed can defeat the existing return trampoline ("retpoline") defenses. When retpolines were devised just four years ago, the belief was that returns were not susceptible to BTI attacks, or that attacking them was too impractical. Retbleed now proves that return instructions can be practically exploited.

The security researchers found that Retbleed impacts AMD Zen 1/1+/2 and Intel Core 6th through 8th Gen processors.

Mitigating Retbleed does come with an added performance cost. From today's disclosure: "Mitigating Retbleed in the Linux kernel required a substantial effort, involving changes to 68 files, 1783 new lines and 387 removed lines. Our performance evaluation shows that mitigating Retbleed has unfortunately turned out to be expensive: we have measured between 14% and 39% overhead with the AMD and Intel patches respectively."


More details about Retbleed are available on the new Retbleed site.

The Retbleed mitigation work was merged this morning into the Linux kernel. I'll have Retbleed mitigation benchmarks up shortly.

Update: Intel's statement on the matter mailed to us comes down to: "Intel worked with our industry mitigation partners, the Linux community and VMM vendors to make mitigations available to customers. Windows systems are not affected as they already have these mitigations by default." They also went on to add that they take these issues very seriously but don't believe Retbleed is practical outside of a lab environment.