The "Retbleed" flaw, discovered by Johannes Wikner and Kaveh Razavi at ETH Zurich in Switzerland, affects older AMD and Intel central processing units and uses them as a channel for Spectre-based speculative-execution attacks.
Retbleed is engineered to circumvent the "return trampoline" (Retpoline) countermeasure against branch target injection.
"Retbleed aims to hijack a return instruction in the kernel to gain arbitrary speculative code execution in the kernel context," explained Wikner and Razavi. "With sufficient control over registers and/or memory at the victim return instruction, the attacker can leak arbitrary kernel data."
To mitigate the potential threat, AMD has unveiled Jmp2Ret, while Intel has recommended enabling enhanced Indirect Branch Restricted Speculation (eIBRS) even where Retpoline mitigations are already in place.
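As an added example (not code from the article or from the researchers), a POSIX shell check that reads the Retbleed status the Linux kernel reports and compares it with the vendor-specific mitigation named above; the sysfs path and the status strings are assumed to be the kernel's own, and the mapping of "untrained return thunk" to Jmp2Ret and "Enhanced IBRS" to eIBRS is an assumption.

```shell
#!/bin/sh
# Added example, not code from the article or the Retbleed researchers: it
# classifies the Retbleed status line the Linux kernel exposes under
# /sys/devices/system/cpu/vulnerabilities/retbleed and checks it against the
# vendor-specific mitigation the article names. Assumed: the status strings are
# the kernel's own; "untrained return thunk" is its name for AMD's Jmp2Ret and
# "Enhanced IBRS" for Intel's eIBRS.

# Map a raw status line to one of: notaffected, mitigated, vulnerable, unknown.
classify_retbleed_status() {
    case "$1" in
        "Not affected")  echo notaffected ;;
        "Mitigation: "*) echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Return 0 when the active mitigation is the one the article associates with
# the CPU vendor (vendor_id as printed in /proc/cpuinfo), otherwise 1.
vendor_mitigation_matches() {
    case "$1:$2" in
        "AuthenticAMD:Mitigation: untrained return thunk") return 0 ;;  # Jmp2Ret
        "GenuineIntel:Mitigation: Enhanced IBRS")          return 0 ;;  # eIBRS
        "GenuineIntel:Mitigation: IBRS")                   return 0 ;;  # older IBRS
        *)                                                 return 1 ;;
    esac
}

# Evaluate the running host. Exit status: 0 expected mitigation active,
# 1 vulnerable or mitigated some other way, 2 kernel exposes no retbleed entry.
check_host() {
    f=/sys/devices/system/cpu/vulnerabilities/retbleed
    if [ ! -r "$f" ]; then
        echo "no retbleed entry in sysfs; kernel may predate the disclosure"
        return 2
    fi
    status=$(cat "$f")
    vendor=$(awk -F': *' '/^vendor_id/ { print $2; exit }' /proc/cpuinfo)
    echo "$vendor $(classify_retbleed_status "$status"): $status"
    if vendor_mitigation_matches "$vendor" "$status"; then
        echo "active mitigation matches the vendor guidance"
    else
        echo "active mitigation does not match the vendor guidance"
        return 1
    fi
}
# Run the live check only when asked, so the functions can also be sourced.
if [ "${1:-}" = --live ]; then check_host; fi
```

Run it as `sh retbleed-check.sh --live` on the host to be checked; without the flag it only defines the functions.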
From The Hacker News
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA