Intel and AMD microprocessors have a security vulnerability similar to the Spectre/Meltdown flaws that rocked the entire computer industry a few years ago, researchers say.

Two ETH Zurich researchers, doctoral student Johannes Wikner and computer security professor Kaveh Razavi, say the flaw lets an attacker read kernel memory, and that, given the nature of the flaw, fixing it also means slowing down users' chips.

The flaw is called Retbleed and revolves around speculative execution. "When computers take special computational steps to calculate faster, they leave behind traces that hackers could abuse," the researchers said.

Exploiting the flaw

These traces can be exploited, the researchers found, giving threat actors unauthorized access to information held in memory on the target machine, including encryption keys, passwords and other secrets.

The flaw is particularly risky in cloud environments, the researchers added, where multiple companies share the same physical hardware. A single vulnerability could therefore expose the secrets of several tenants at once.

The National Cyber Security Center in Bern, Switzerland, considers the vulnerability serious because the affected processors are used all over the world, the researchers say.

"We show that with speculative execution, a particularly high number of return instructions are vulnerable and can be hacked," says Wikner. In principle, "Retbleed" works like "Spectre" variant 2 and affects both Intel and AMD microprocessors.

"Because the mitigations taken so far did not take return instructions into account, most existing microprocessor-based computing systems are vulnerable to 'Retbleed,'" Razavi adds. "However, it takes some computing expertise to access memory and steal information," says Wikner.

The silver lining is that while older chips are more exposed, newer microarchitectures make these attacks harder to carry out. Fixing the problem, however, costs performance.

"The overhead of the Retbleed patches is between 13% and 39%," the two researchers said. "Phantom JMP mitigation has 106% overhead (i.e., 2x slower)."
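A check a practitioner will want after reading those overhead figures: on Linux, the kernel reports which Retbleed mitigation (if any) it applied, and whether SMT siblings remain exposed, as a one-line status under /sys/devices/system/cpu/vulnerabilities/retbleed (the entry exists on kernels that carry the Retbleed mitigations). The script below is an added example, not code from the researchers or from the article. It classifies that status line and flags hosts where SMT is still reported vulnerable; the sample status lines are constructed in the kernel's own format rather than captured from a real host, and the helper names (classify_status, smt_exposed, read_status, report) are my own.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Retbleed mitigation report.
# The kernel writes one status line per known vulnerability under
# /sys/devices/system/cpu/vulnerabilities/. For retbleed the line starts
# with "Not affected", "Mitigation: ..." or "Vulnerable..." and may carry an
# SMT suffix such as "; SMT vulnerable".

# classify_status STATUS -> prints not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected") echo not-affected ;;
        Mitigation:*)   echo mitigated ;;
        Vulnerable*)    echo vulnerable ;;
        *)              echo unknown ;;
    esac
}

# smt_exposed STATUS -> exit 0 when the kernel says SMT siblings are still vulnerable,
# which happens when a mitigation is active but the sibling thread is unprotected
smt_exposed() {
    case "$1" in
        *"SMT vulnerable"*) return 0 ;;
        *)                  return 1 ;;
    esac
}

# read_status NAME -> prints the sysfs status line for vulnerability NAME,
# or "unknown" when the kernel does not expose it (older kernel, non-x86 host)
read_status() {
    f="/sys/devices/system/cpu/vulnerabilities/$1"
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo unknown
    fi
}

# report -> prints retbleed and spectre_v2 status for the running host
report() {
    for v in retbleed spectre_v2; do
        s=$(read_status "$v")
        printf '%-10s %-13s %s\n' "$v" "$(classify_status "$s")" "$s"
        if smt_exposed "$s"; then
            echo "           -> SMT siblings still exposed; consider nosmt or STIBP"
        fi
    done
}

# Constructed sample lines (kernel format, not captured from a real machine):
#   "Not affected"
#   "Mitigation: untrained return thunk; SMT enabled with STIBP protection"
#   "Mitigation: untrained return thunk; SMT vulnerable"
#   "Vulnerable: untrained return thunk / IBPB on non-AMD based systems"
# classify_status maps the first to not-affected, the next two to mitigated
# (the third also trips smt_exposed) and the last to vulnerable.

report
```

Note that "Mitigation: ..." alone is not a clean bill of health: the "; SMT vulnerable" suffix means the return-thunk mitigation is in place for the current thread, but a sibling hyperthread on the same core can still be attacked, which is exactly the shared-hardware case the researchers single out for cloud hosts.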

Retbleed is tracked as CVE-2022-29900 for AMD and as CVE-2022-29901 and CVE-2022-28693 for Intel. CVE-2022-23816 and CVE-2022-23825 have also been flagged for Retbleed on AMD.
