Spectre Never Dies. Retbleed Is A New Speculative Execution Attack Against Older Chips

Source: The Register

Patching Will Affect Performance, As Is Tradition

If you had hoped the days of Spectre were behind you, then you haven’t watched enough Bond films. Researchers at ETH Zurich, a public research university in Switzerland, have discovered an additional Spectre-BTI (variant 2) attack, which they called Retbleed. It is able to replace indirect branch instructions with subroutine return instructions, which allows it to completely avoid the retpoline mitigations that have helped with previous Spectre variants.

AMD’s Zen 1, Zen 1+ and Zen 2 are all vulnerable to this attack, as are newer Intel Core generations 6 through 8, which includes EPYC and Xeon chips. The good news is that Retbleed is rather hard to exploit, even compared to other Spectre attacks, so the likelihood of encountering exploits in the wild is quite slim, especially as it doesn’t affect Windows machines. That may not hold true for targeted attacks, unfortunately, as there are those willing to put in the effort to get at a vulnerable AWS or Google Compute Engine instance.

As mentioned, once the patch for Retbleed is made available and installed, you should expect to see a 13% to 39% negative impact on your processor’s performance. Take a peek at the full scope of the new vulnerability over at The Register.

Intel reached out to ensure that everyone is aware that “Intel worked with our industry mitigation partners, the Linux community and VMM vendors to make mitigations available to customers. Windows systems are not affected as they already have these mitigations by default.” They’ve also sent links to additional details on the vulnerability at Chips & Salsa as well as more technical details here.

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

2 Comments

  1. Isaac Johnson

    The gift that keeps on giving. Nice Bond reference by the way, they just keep coming back.

    • Jeremy Hellstrom

      Cheers, I’m ready for Hydra jokes but I’m glad they went with a Bond villain as they are so much more fun.
