New Retbleed Speculative Execution CPU Attack Bypasses Retpoline Fixes
Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information.
Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.
The issue impacts Intel Core CPUs from generation 6 (Skylake – 2015) through 8 (Coffee Lake – 2017) and AMD Zen 1, Zen 1+, Zen 2 released between 2017 and 2019.
Leveraging return instructions
Speculative execution is an optimization technique that allows CPUs to perform computations before knowing if they are required by future tasks.
When the destination address is known, a direct branch contained in the instruction is followed. An indirect branch occurs when there is no clue about the destination but it is predicted from already executed branches.
Spectre attacks take advantage of these guesses, tricking the processor into running instructions that require sensitive data from the memory.
Retpoline was released a software-based solution to mitigate speculative execution attacks by using return operations to isolate indirect branches.
However, researchers at ETH Zurich university found a way to force the prediction of the return operations just like in the case of indirect branches, and to inject branch targets in the kernel address-space, regardless of the user’s privileges.
We found that we can trigger the microarchitectural conditions, on both AMD and Intel CPUs, that forces returns to be predicted like indirect branches. We also built the necessary tools to discover locations in the Linux kernel where these conditions are met.
We found that we can inject branch targets that reside inside the kernel address-space, even as an unprivileged user. Even though we cannot access branch targets inside the kernel address-space — branching to such a target results in a page fault — the Branch Prediction Unit will update itself upon observing a branch and assume that it was legally executed, even if it’s to a kernel address.
The researchers further explain in a technical paper on Retbleed that using a precise branch history on Intel CPUs, it is possible to hijack all return instructions that “follow sufficiently-deep call stacks.”
In the case of AMD processors, it is possible to hijack any return instructions if the previous branch destination was chosen correctly during branch poisoning.
PoC in action
The researchers also published a video that shows how Retbleed can be used to leak kernel memory on Intel and AMD processors:
For Intel processors, the vulnerability is tracked as CVE-2022-29901. Intel has released a security advisory recommending the use of Indirect Branch Restricted Speculation (IBRS) instead of retpoline.
IBRS is available by default on Windows systems, so no update is required. Intel worked with the Linux community to create updates that address the Retbleed issue.
For AMD CPUs, Retbleed is tracked as CVE-2022-29900. The company released guidance to mitigate the issue that could lead to the disclosure of sensitive information.
Although ETH Zurich researchers developed a Retbleed proof of concept (PoC) only for Linux, the vulnerability affects other operating systems, too, because it is hardware related.