Connect with us

Cybersecurity

Retbleed: Specter V2 CPU vulnerability not fully closed

Published

on

retbleed specter v2 cpu vulnerability not fully closed.jpg

Specter-type vulnerabilities can still be exploited on many processors, including those that appeared after the Specter shock.

Specter-type processor vulnerabilities uncovered in 2018 remain exploitable despite all previous countermeasures. With cleverly designed return commands – hence the name Retbleed – it is possible to read data fragments from supposedly protected RAM memory areas. This is what the security researchers Johannes Wikner and Kaveh Razavi from ETH Zurich found out.

The CVE entries CVE-2022-29900 (for AMD processors) and CVE-2022-29901 (Intel) have been assigned to the retbleed vulnerabilities.

Intel addresses retbleed in the Security Advisories Intel-SA-00702 (Intel Processors Return Stack Buffer Underflow Advisory) and Intel-SA-00707 (Intel Processors RRSBA Advisory, CVE-2022-28693). Intel rates the level of danger as “medium” with a CVSS base score of 4.7.

Specter V2 type

Retbleed uses similar side channels in the CPU microarchitecture as other Specter V2 aka Branch Target Injection (BTI) type vulnerabilities. However, the experts from Switzerland proved that they could also use Retbleed to elicit data from the kernel address space of the working memory of systems with all Anti-Spectre patches.

However, the Proof of Concept (PoC) delivered data at only 219 bytes per second (bytes/s) with an Intel processor of the Coffee Lake generation and would therefore have to run for a very long time to be successful. With an AMD processor with cores from the Zen 2 generation presented in 2019, it was at least 3.9 Kbytes/s.

 

Retbleed works on many processors that are still in use.

Retbleed works on many processors that are still in use.

 

 

Danger for cloud servers

As the more than 14-page description of the retbleed attack technique shows, it is very complicated. Therefore, like many other Specter attacks, Retbleed probably does not pose an additional threat to typical desktop PCs and notebooks with Windows.

Specter-type side-channel attacks are particularly relevant for cloud servers and for systems that process very sensitive data and are therefore heavily isolated.

Against this background, it is surprising that experts who research such complex security gaps very often use notebooks and desktop PCs with AMD Ryzen and Intel Core i processors intended for private individuals. Also for Retbleed, the only server processor examined was an AMD Epyc 7252 (Rome, Zen 2) and not a single Intel Xeon.

Copyright © 2017 Zox News Theme. Theme by MVP Themes, powered by WordPress.