Retbleed hardware-level flaw brings overhead woe to Intel and AMD

‘Retbleed’ threatens a wide range of microprocessors, using a vector thought safe that adds to its problematic nature

13 Jul 2022

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 13 Jul 2022

A graphic of a red CPU with a white skull and crossbones on it, placed upon a grey background

Researchers at ETH Zurich have discovered a serious hardware vulnerability in Intel and AMD microprocessors, affecting all Linux operating systems that use the affected chips.

Doctoral student Johannes Wikner and assistant professor Kaveh Razavi discovered the vulnerability, and dubbed it ‘Retbleed’. This name stems from the vulnerability's methodology, exploiting the messy way that processors handle return instructions, which occur after a function has been executed. In a blog post

Related Resource

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Whitepaper cover with title and green rectangular graphic top right

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1657121008/itpro/Whitepaper%20covers/The_Total_Economic_Impact_Of_IBM_FlashSystem.jpg { display: none !important; }

Free Download

By hijacking speculative execution processes, Retbleed can leak kernel memory from Intel and AMD CPUs, as well as the root password hash for Linux systems using the affected CPUs. Any system using an Intel CPU from generations 6-8, or AMD Zen1, Zen1+ and Zen2 is likely affected.

To end, Retbleed represents a very widespread and severe threat to the security of hardware to the majority of business PCs, given the vast market share enjoyed by both Intel and AMD.

Speculative execution is used to access computational steps before it has been confirmed that they are necessary for the process; in effect, the processor ‘guesses’ what might be needed before finishing the chain of instructions to speed things up and improve its overall power. Unneeded speculative calculations are discarded, but leave a trace in the cache that hackers can use as a backdoor. This can be used to gain access to information in the memory, which could be highly sensitive.

In this way, Retbleed is similar to Spectre, which was discovered in 2018 and caused widespread alarm in the computing world. Although Intel and AMD have since mitigated Spectre, how they did this led to reliance on the exact construct that Retbleed now exploits.

To shield the indirect jumps utilised by many processors, a construct known as Retpoline is utilised, to favour the use of returns. When this was implemented, it was widely believed that returns were not a valid vector of attack, a belief that Retbleed has now disproven.

"Since the mitigation measures taken so far did not take the return instructions into account, most existing microprocessor computer systems are vulnerable to 'Retbleed'," Razavi stated.

Affected manufacturers were made aware of the vulnerability before the general public. They have already taken steps to identify the weaknesses within their processors and enact mitigation measures, with Intel having already released a technical advisory on the subject. Hardware vulnerabilities are not always easily remedied, and can prove next to impossible to patch altogether.

In a statement to IT Pro, Intel offered information on the steps they have taken to protect users:

"Intel worked with our industry mitigation partners, the Linux community and VMM vendors to make mitigations available to customers. Windows systems are not affected as they already have these mitigations by default."

Unfortunately, the researchers have said that mitigations are expensive to implement, with a 14-39% predicted overhead for AMD and Intel patches. As with the hardware-based flaws before it, Retbleed is already proving a costly and troublesome exploit. Additionally, current mitigations can lead to performance costs, with increased security on microprocessor decisions on return destinations decreasing overall efficiency. The researchers claim to have seen up to a 28% hit in performance as a result.

Its discoverers are due to present a paper on their findings at the 2022 USENIX Security Conference, on August 12.

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1669126439/itpro/Whitepaper%20covers/IT_best_practices_for_accelerating_the_journey_to_carbon_neutrality_thumb.png { display: none !important; }

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1625833932/itpro/Whitepaper%20covers/The_Total_Economic_Impact__Of_IBM_Spectrum_Virtualize.jpg { display: none !important; }

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1666799702/itpro/Whitepaper%20covers/Using_Application_Migration_and_Modernization_to_Supercharge_thumb.png { display: none !important; }

Free Download

The strategic CFO

Why finance transformation propels business value

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1674657988/itpro/Whitepaper%20covers/The_Strategic_CFO_thumb.png { display: none !important; }

Free Download