IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Retbleed hardware-level flaw brings overhead woe to Intel and AMD

‘Retbleed’ threatens a wide range of microprocessors, using a vector thought safe that adds to its problematic nature

A graphic of a red CPU with a white skull and crossbones on it, placed upon a grey background

Researchers at ETH Zurich have discovered a serious hardware vulnerability in Intel and AMD microprocessors, affecting all Linux operating systems that use the affected chips.

Doctoral student Johannes Wikner and assistant professor Kaveh Razavi discovered the vulnerability, and dubbed it ‘Retbleed’. This name stems from the vulnerability's methodology, exploiting the messy way that processors handle return instructions, which occur after a function has been executed. In a blog post 

Related Resource

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Whitepaper cover with title and green rectangular graphic top rightFree Download

By hijacking speculative execution processes, Retbleed can leak kernel memory from Intel and AMD CPUs, as well as the root password hash for Linux systems using the affected CPUs. Any system using an Intel CPU from generations 6-8, or AMD Zen1, Zen1+ and Zen2 is likely affected.

To end, Retbleed represents a very widespread and severe threat to the security of hardware to the majority of business PCs, given the vast market share enjoyed by both Intel and AMD.

Speculative execution is used to access computational steps before it has been confirmed that they are necessary for the process; in effect, the processor ‘guesses’ what might be needed before finishing the chain of instructions to speed things up and improve its overall power. Unneeded speculative calculations are discarded, but leave a trace in the cache that hackers can use as a backdoor. This can be used to gain access to information in the memory, which could be highly sensitive.

In this way, Retbleed is similar to Spectre, which was discovered in 2018 and caused widespread alarm in the computing world. Although Intel and AMD have since mitigated Spectre, how they did this led to reliance on the exact construct that Retbleed now exploits.

To shield the indirect jumps utilised by many processors, a construct known as Retpoline is utilised, to favour the use of returns. When this was implemented, it was widely believed that returns were not a valid vector of attack, a belief that Retbleed has now disproven.

"Since the mitigation measures taken so far did not take the return instructions into account, most existing microprocessor computer systems are vulnerable to 'Retbleed'," Razavi stated.

Affected manufacturers were made aware of the vulnerability before the general public. They have already taken steps to identify the weaknesses within their processors and enact mitigation measures, with Intel having already released a technical advisory on the subject. Hardware vulnerabilities are not always easily remedied, and can prove next to impossible to patch altogether.

In a statement to IT Pro, Intel offered information on the steps they have taken to protect users:

"Intel worked with our industry mitigation partners, the Linux community and VMM vendors to make mitigations available to customers. Windows systems are not affected as they already have these mitigations by default."

Unfortunately, the researchers have said that mitigations are expensive to implement, with a 14-39% predicted overhead for AMD and Intel patches. As with the hardware-based flaws before it, Retbleed is already proving a costly and troublesome exploit. Additionally, current mitigations can lead to performance costs, with increased security on microprocessor decisions on return destinations decreasing overall efficiency. The researchers claim to have seen up to a 28% hit in performance as a result.

Its discoverers are due to present a paper on their findings at the 2022 USENIX Security Conference, on August 12.

Featured Resources

The COO's pocket guide to enterprise-wide intelligent automation

Automating more cross-enterprise and expert work for a better value stream for customers

Free Download

Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space

Free Download

2021 Gartner critical capabilities for data integration tools

How to identify the right tool in support of your data management solutions

Free Download

Unified endpoint management solutions 2021-22

Analysing the UEM landscape

Free Download

Recommended

What is zero trust?
network security

What is zero trust?

14 Jul 2022
An analysis of the European cyber threat landscape
Whitepaper

An analysis of the European cyber threat landscape

8 Jul 2022
Solve cyber resilience challenges with storage solutions
Whitepaper

Solve cyber resilience challenges with storage solutions

4 Jul 2022
Storage's role in addressing the challenges of ensuring cyber resilience
Whitepaper

Storage's role in addressing the challenges of ensuring cyber resilience

4 Jul 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022