Retbleed: Another New Spectre-BTI Attack Discovered

What is the Retbleed?

• Researchers from ETH Zurich have revealed that threat actors can exploit two new vulnerabilities, collectively called Retbleed, to obtain sensitive data and passwords from memory. 
• These vulnerabilities are tracked as CVE-2022-29900 and CVE-2022-29901 and affect older chips from Intel and AMD - AMC Zen 1, Zen 1+, Zen 2, and Intel Core generation 6-8. 
• This is the latest side-channel attack discovered in less than a month, following the disclosure of the Hertzbleed attack. 
• The new attack circumvents the Retpolines defense system that was introduced in 2018 to prevent Spectre-Branch Target Injection (BTI) attacks.
• Researchers explain that it is unlike its previous variants that are triggered by exploiting indirect jumps or calls. Retbleed exploits return instructions to undermine the Spectre-BTI defenses.

A glance at Hertzbleed attack

• Hertzbleed attack takes advantage of flaws (CVE-2022-24436 and CVE-2022-23823) in modern chips of Intel and AMD.
• The attack can allow an attacker to extract cryptographic keys from remote servers by observing variations in CPU frequency enabled by Dynamic Voltage and Frequency Scaling (DVFS).
• While Intel claimed that the weakness affects all of its processors, AMD revealed that Hertzbleed affects devices using Zen 2 and Zen 3 microarchitectures.
• Currently, there is no patch available for the attack and companies have provided workarounds to protect the affected processors.

How to mitigate Retbleed?