acm-header
Sign In

Communications of the ACM

Home/News/'Retbleed' Speculative Execution Attack Affects AMD.../Full Text
ACM TechNews

'Retbleed' Speculative Execution Attack Affects AMD, Intel CPUs

By The Hacker News
July 18, 2022
Comments
View as: Print Mobile App Share:

The most serious attack vector for Retbleed is likely through cloud platforms such as Azure, AWS, and Google Cloud Platform, each of which operate massive numbers of servers.

Credit: duo.com

The "Retbleed" flaw discovered by Johannes Wikner and Kaveh Razavi at ETH Zurich in Switzerland targets older AMD and Intel central processing units as a channel for Spectre-based speculative-execution attacks.

Retbleed is engineered to circumvent "return trampoline" (Retpoline) branch target injection countermeasures.

"Retbleed aims to hijack a return instruction in the kernel to gain arbitrary speculative code execution in the kernel context," explained Wikner and Razavi. "With sufficient control over registers and/or memory at the victim return instruction, the attacker can leak arbitrary kernel data."

To mitigate the potential threat, AMD has unveiled Jmp2Ret, while Intel has recommended employing enhanced Indirect Branch Restricted Speculation, even if Retpoline mitigations are implemented.

From The Hacker News
View Full Article

 

Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account