Spectre Never Dies. Retbleed Is A New Speculative Execution Attack Against Older Chips
Patching Will Affect Performance, As Is Tradition
If you had hoped the days of Spectre were behind you, then you haven’t watched enough Bond films. Researchers at ETH Zurich, a public research university in Switzerland, have discovered an additional Spectre-BTI (variant 2) attack, which they called Retbleed. It is able to replace indirect branch instructions with subroutine return instructions, which allows it to completely avoid the retpoline mitigations that have helped against previous Spectre variants.
AMD’s Zen 1, Zen 1+ and Zen 2 are all vulnerable to this attack, as are newer Intel Core generations 6 through 8, which includes EPYC and Xeon chips. The good news is that Retbleed is rather hard to exploit, even compared to other Spectre attacks, so the likelihood of encountering exploits in the wild is quite slim, especially as it doesn’t affect Windows machines. Unfortunately, that may not hold true for targeted attacks, as there are those willing to put in the effort to get at a vulnerable AWS or Google Compute Engine instance.
As mentioned, once the patch for Retbleed is made available and installed, you should expect to see a 13% to 39% negative impact on your processor’s performance. Take a peek at the full scope of the new vulnerability over at The Register.
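Since the patch lands in the Linux kernel, the practical question for an admin is whether a given host is actually mitigated, and at what cost. The script below is an added example, not code from the article or from the researchers; it reads the kernel's own per-vulnerability sysfs report and classifies it. It assumes a kernel that carries the Retbleed fix, which exposes `/sys/devices/system/cpu/vulnerabilities/retbleed`; a kernel without the fix has no such file, and the script treats that as "no report", i.e. unmitigated. The token names and the `needs_attention` policy are this example's own choices, and the exact wording of the kernel's report lines (for example the "SMT vulnerable" suffix) is assumed from the kernel source rather than from the article.

```shell
#!/bin/sh
# Added example, not part of the article: report the kernel's Retbleed
# mitigation status on a Linux host. Assumes a kernel that carries the fix,
# which exposes /sys/devices/system/cpu/vulnerabilities/retbleed; a kernel
# without the fix has no such file and cannot report its status at all.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# retbleed_status FILE
# Classifies the kernel's one-line report into a short token (token names
# are this example's own):
#   no-report                 file missing: kernel predates the fix, treat as unmitigated
#   not-affected              CPU is not in the vulnerable set
#   vulnerable                kernel knows the bug but no mitigation is active
#   mitigated-smt-vulnerable  mitigated, but the kernel reports SMT siblings still exposed
#   mitigated                 a mitigation (return thunks, IBRS, ...) is active
#   unknown                   wording this script was not written to interpret
retbleed_status() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "no-report"
        return 0
    fi
    line=""
    read -r line < "$file" || true   # tolerate a missing trailing newline
    case "$line" in
        "Not affected"*)                  echo "not-affected" ;;
        "Vulnerable"*)                    echo "vulnerable" ;;
        "Mitigation:"*"SMT vulnerable"*)  echo "mitigated-smt-vulnerable" ;;
        "Mitigation:"*)                   echo "mitigated" ;;
        *)                                echo "unknown" ;;
    esac
}

# needs_attention FILE -> exit 0 if the host should be scheduled for patching.
# Anything other than a clean "mitigated" or "not-affected" is flagged, so an
# unreadable or unexpected report errs on the side of a second look.
needs_attention() {
    case "$(retbleed_status "$1")" in
        mitigated|not-affected) return 1 ;;
        *)                      return 0 ;;
    esac
}

# Usage on a live host: print the token and the kernel's raw text.
if [ -d "$VULN_DIR" ]; then
    printf 'retbleed: %s' "$(retbleed_status "$VULN_DIR/retbleed")"
    if [ -r "$VULN_DIR/retbleed" ]; then
        printf ' (%s)' "$(cat "$VULN_DIR/retbleed")"
    fi
    printf '\n'
    if needs_attention "$VULN_DIR/retbleed"; then
        echo "this host needs attention"
    fi
fi
```

Run it as-is on each Linux host in an inventory and collect the token; the hosts reporting `no-report`, `vulnerable` or `mitigated-smt-vulnerable` are the ones where the 13% to 39% cost of the mitigation has not yet been paid, and therefore the ones still carrying the risk.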
Intel reached out to ensure that everyone is aware that “Intel worked with our industry mitigation partners, the Linux community and VMM vendors to make mitigations available to customers. Windows systems are not affected as they already have these mitigations by default.” They’ve also sent links to additional details on the vulnerability at Chips & Salsa as well as more technical details here.
Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.