Microprocessors from both Intel and AMD are carrying a security vulnerability not unlike the Spectre/Meltdown flaws that rocked the entire computer industry a few years ago, researchers are saying.
Two researchers from ETH Zurich, one doctoral student Johannes Wikner, and one professor for computer security, Kaveh Razavi, said that the discovered flaw allows abusers access to kernel memory, and given the nature of the flaw, fixing it also means slowing the chips down.
The flaw is dubbed Retbleed, and revolves around the chips’ speculative calculations. “When computers execute special calculation steps to compute faster, they leave traces that hackers could abuse,” the researchers said.
Exploiting the flaw
These traces can be exploited, the researchers further found, giving threat actors unauthorized access to any information in the target endpoint (opens in new tab), which includes encryption keys, passwords, and other secrets.
The flaw is particularly risky in cloud environments, the researchers further said, where multiple companies share the same systems. In other words, one vulnerability could expose the secrets of multiple companies.
The National Center for Cyber Security in Bern, Switzerland considers the vulnerability serious because the affected processors are in use worldwide, the researchers sad.
“We have shown that with speculative execution, a particularly large number of return statements are vulnerable and can be hijacked,” says Wikner. In principle, “Retbleed” works like variant 2 of “Spectre” and affects Intel and AMD microprocessors.
“Since the mitigation measures taken so far did not take the return instructions into account, most existing microprocessor computer systems are vulnerable to ‘Retbleed’,” Razavi adds. “However, it takes some computer expertise to gain memory access and steal information,” Wikner says.
The silver lining is that while older chips may be more vulnerable, newer architecture makes pulling these attacks off somewhat difficult. Still, fixing the issue means impacting the performance of the devices.
“Retbleed’s patch overhead is going to between 13 percent and 39 percent,” the two researchers said. “Mitigating Phantom JMPs has 106 percent overhead (ie, 2 times slower).”
Retbleed is being tracked as CVE-2022-29900 for AMD, and CVE-2022-29901 and CVE-2022-28693 for Intel. CVE-2022-23816 and CVE-2022-23825 have also been designated to Retbleed on AMD.