• Latest
  • Trending
New Retbleed speculative execution CPU attack bypasses Retpoline fixes

New Retbleed speculative execution CPU attack bypasses Retpoline fixes

July 15, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
Sabrent Rocket V90 SDXC Memory Card

Sabrent Rocket V90 SDXC Memory Card

July 15, 2022
addlink Unveils SPIDER X5 DDR5 RGB Memory and A95 and A90 Lite SSDs

addlink Unveils SPIDER X5 DDR5 RGB Memory and A95 and A90 Lite SSDs

July 15, 2022
Corsair Dominator Platinum DDR5 Achieves DDR5-6600

Corsair Dominator Platinum DDR5 Achieves DDR5-6600

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Monday, 15 August, 2022
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

New Retbleed speculative execution CPU attack bypasses Retpoline fixes

by ITECHNEWS
July 15, 2022
in Infosec, Leading Stories
0 0
0
New Retbleed speculative execution CPU attack bypasses Retpoline fixes

Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information.

Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.

YOU MAY ALSO LIKE

Fibre optic interconnection linking Cameroon and Congo now operational

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

The issue impacts Intel Core CPUs from generation 6 (Skylake – 2015) through 8 (Coffee Lake – 2017) and AMD Zen 1, Zen 1+, Zen 2 released between 2017 and 2019.

Leveraging return instructions

Speculative execution is an optimization technique that allows CPUs to perform computations before knowing if they are required by future tasks.

When the destination address is known, a direct branch contained in the instruction is followed. An indirect branch occurs when there is no clue about the destination but it is predicted from already executed branches.

Spectre attacks take advantage of these guesses, tricking the processor into running instructions that require sensitive data from the memory.

Retpoline was released a software-based solution to mitigate speculative execution attacks by using return operations to isolate indirect branches.

However, researchers at ETH Zurich university found a way to force the prediction of the return operations just like in the case of indirect branches, and to inject branch targets in the kernel address-space, regardless of the user’s privileges.

We found that we can trigger the microarchitectural conditions, on both AMD and Intel CPUs, that forces returns to be predicted like indirect branches. We also built the necessary tools to discover locations in the Linux kernel where these conditions are met.

We found that we can inject branch targets that reside inside the kernel address-space, even as an unprivileged user. Even though we cannot access branch targets inside the kernel address-space — branching to such a target results in a page fault — the Branch Prediction Unit will update itself upon observing a branch and assume that it was legally executed, even if it’s to a kernel address.

The researchers further explain in a technical paper on Retbleed that using a precise branch history on Intel CPUs, it is possible to hijack all return instructions that “follow sufficiently-deep call stacks.”

In the case of AMD processors, it is possible to hijack any return instructions if the previous branch destination was chosen correctly during branch poisoning.

PoC in action

The researchers also published a video that shows how Retbleed can be used to leak kernel memory on Intel and AMD processors:

For Intel processors, the vulnerability is tracked as CVE-2022-29901. Intel has released a security advisory recommending the use of Indirect Branch Restricted Speculation (IBRS) instead of retpoline.

IBRS is available by default on Windows systems, so no update is required. Intel worked with the Linux community to create updates that address the Retbleed issue.

For AMD CPUs, Retbleed is tracked as CVE-2022-29900. The company released guidance to mitigate the issue that could lead to the disclosure of sensitive information.

Although ETH Zurich researchers developed a Retbleed proof of concept (PoC) only for Linux, the vulnerability affects other operating systems, too, because it is hardware related.

The technical paper on Retbleed has been published and the researchers will present the vulnerability on August 10 at the Usenix Security conference.

Source: Ionut Ilascu
Via: bleepingcomputer
Tags: New Retbleed speculative execution CPU attack bypasses Retpoline fixes
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022

Recent News

  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Ericsson and MTN Rwandacell Discuss their Long-Term Partnership July 15, 2022
  • Airtel Africa Purchases $42M Worth of Additional Spectrum July 15, 2022
  • Huawei steps up drive for Kenyan talent July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version