AMD And Intel CPUs Rocked By New Speculative Execution Attack With A Huge Performance Hit
Dp you remember a few years ago when everyone panicked over a couple of security flaws known as Meltdown and Spectre? These were a new type of security hole altogether, known as speculative execution flaws because they exploit the so-named capability of modern processors. That was back in 2018, and since then, every tech company under the sun has issued patches, firmware updates, and other guidance to mitigate the danger of these attacks.
So that's all over and dealt with, right? Well... not exactly. As it turns out, one of the major mitigations deployed against Spectre, known as "retpoline", isn't actually as helpful as we thought. A new flaw, known as "retbleed", has been discovered by researchers at ETH Zurich. Retbleed evades earlier protections against a specific form of the Spectre vulnerability, including machines using the retpoline mitigation.
Without getting into the technical weeds, where earlier Spectre attacks targeted indirect calls and jumps, retbleed instead targets returns. It works on both Intel and AMD machines, although it's drastically more effective on the latter. Like earlier Spectre attacks, once executed, it can allow any application executing on the target CPU to read any memory, regardless of whether it has the authority to do so.
This is, obviously, very bad for security. Password hashes and other secure information can be leaked to unprivileged software that normally wouldn't have access to kernel memory. By the researchers' estimate, a retbleed exploit can find and leak a Linux computer's root password hash from memory in around 28 minutes on an Intel machine and around 6 minutes for an AMD system.
Everyone reading this should flip out and rush to patch their systems, right? No, probably not. While retbleed is a very serious vulnerability, it only affects certain hardware: Intel machines from the 6th thru 8th generation Core families, and AMD Zen, Zen+, and Zen 2 systems. Intel says that it's also automatically mitigated by recent versions of Windows, which have Indirect Branch Restricted Speculation (IBRS) enabled by default. IBRS is an effective mitigation against retbleed, so Windows systems are essentially inoculated already.
Linux users on affected machines do have cause for concern, though, and that particularly extends to hosting providers and other folks that allow remote users to login to their systems without supervision. Both AMD and Intel say that they're not aware of anyone making use of these vulnerabilities in the wild, but patches aren't available yet. When they do become available, they may come with a performance hit of as much as 28%. Hopefully some clever coders will come up with a way to mitigate that performance loss.