Researchers at ETH Zurich have discovered a serious hardware vulnerability in Intel and AMD microprocessors, affecting all Linux operating systems that use the affected chips.
Doctoral student Johannes Wikner and assistant professor Kaveh Razavi discovered the vulnerability, and dubbed it ‘Retbleed’. This name stems from the vulnerability’s methodology, exploiting the messy way that processors handle return instructions, which occur after a function has been executed. In a blog post
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystem
By hijacking speculative execution processes, Retbleed can leak kernel memory from Intel and AMD CPUs, as well as the root password hash for Linux systems using the affected CPUs. Any system using an Intel CPU from generations 6-8, or AMD Zen1, Zen1+ and Zen2 is likely affected.
To end, Retbleed represents a very widespread and severe threat to the security of hardware to the majority of business PCs, given the vast market share enjoyed by both Intel and AMD.
Speculative execution is used to access computational steps before it has been confirmed that they are necessary for the process; in effect, the processor ‘guesses’ what might be needed before finishing the chain of instructions to speed things up and improve its overall power. Unneeded speculative calculations are discarded, but leave a trace in the cache that hackers can use as a backdoor. This can be used to gain access to information in the memory, which could be highly sensitive.
In this way, Retbleed is similar to Spectre, which was discovered in 2018 and caused widespread alarm in the computing world. Although Intel and AMD have since mitigated Spectre, how they did this led to reliance on the exact construct that Retbleed now exploits.
To shield the indirect jumps utilised by many processors, a construct known as Retpoline is utilised, to favour the use of returns. When this was implemented, it was widely believed that returns were not a valid vector of attack, a belief that Retbleed has now disproven.
“Since the mitigation measures taken so far did not take the return instructions into account, most existing microprocessor computer systems are vulnerable to ‘Retbleed’,” Razavi stated.
Affected manufacturers were made aware of the vulnerability before the general public, and have already taken steps to identify the weaknesses within their processors and enact mitigation measures. This is not always the case with hardware vulnerabilities, which can prove next to impossible to patch altogether.
Unfortunately, the researchers have said that mitigations are expensive to implement, with a 14-39% predicted overhead for AMD and Intel patches. As with the hardware-based flaws before it, Retbleed is already proving a costly and troublesome exploit. Additionally, current mitigations can lead to performance costs, with increased security on microprocessor decisions on return destinations decreasing overall efficiency. The researchers claim to have seen up to a 28% hit in performance as a result.
Its discoverers are due to present a paper on their findings at the 2022 USENIX Security Conference, on August 12.
Which is the best way to acquire your IT?
Purchase, lease or consumption-based IT solutions
Organisations accelerating their digital workplace achieve improvements
See the biggest return on device investments
Flexible IT models drive efficiency and innovation
A modern approach to infrastructure management
The power to innovate
How to maximise digital transformation