Retbleed
| CVE identifiers | CVE-2022-29900, CVE-2022-29901, CVE-2022-28693[dead link] |
|---|
Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips.[1][2] First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was a mitigation for speculative execution attacks.[3]
According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively.[4] The PoC works against Intel Core 6th, 7th and 8th generation microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.
An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.[2]
Windows is not vulnerable because the existing mitigations already tackle it.[1] Linux kernels 5.18.14 and 5.19 contain the fixes.[5][6] The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.[7]
References
[edit | edit source]- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).