A new attacker, Retbleed, allegedly performs speculative execution attacks on Intel and AMD CPUs

A new attacker, Retbleed, has reportedly been performing a speculative execution cyber attack on processors from both Intel and AMD to extract sensitive information. During a speculative execution attack, the threat actor performs command injection to execute arbitrary commands on the host operating system. Such command injection attacks are possible if an application passes unsafe user-supplied data, such as forms, cookies, HTTP, and more, to a system shell.

According to security researchers, Retbleed focuses on instructions to perform a Spectre-class speculative execution attack.

Reportedly, in a speculative execution attack of this kind, the compromised CPUs performed computations without any instruction from the owner. In Spectre attacks, the attacker tricks the processor into running sets of instructions to retrieve the user’s sensitive data from the device’s memory.

However, Retpoline, a software-based solution, tries to lower the chances of speculative execution attacks by using return operations to isolate indirect branches. An indirect branch is one whose destination address is not known in advance; instead, it is predicted from already executed branches.

Having discovered a way to force return operations to be predicted as in the case of indirect branches, researchers at ETH Zurich said: “We found that we can trigger the microarchitectural conditions, on both AMD and Intel CPUs, that forces returns to be predicted like indirect branches. We also built the necessary tools to discover locations in the Linux kernel where these conditions are met. We found that we can inject branch targets that reside inside the kernel address-space, even as an unprivileged user. Even though we cannot access branch targets inside the kernel address-space — branching to such a target results in a page fault — the Branch Prediction Unit will update itself upon observing a branch and assume that it was legally executed, even if it’s to a kernel address.”

They further stated that, by using precise branch history on compromised CPUs, it is possible to hijack return instructions. The security researchers have also developed a Retbleed proof of concept (PoC), for Linux only.

Retbleed has been observed to impact Intel Core CPUs from generation 6 (Skylake, 2015) through 8 (Coffee Lake, 2017), and AMD Zen 1, Zen 1+, and Zen 2 CPUs released between 2017 and 2019.
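
For administrators of Linux hosts with the CPU generations listed above, the following added example (not code from the researchers or from this article) classifies the kernel's own Retbleed status report. It assumes a kernel that carries the Retbleed patches and exposes the sysfs file named in the code; the sample status lines are constructed for illustration.

```python
#!/usr/bin/env python3
"""Classify the Linux kernel's self-reported Retbleed status."""
from pathlib import Path

# sysfs entry exposed by Linux kernels that carry the Retbleed patches.
SYSFS_RETBLEED = "/sys/devices/system/cpu/vulnerabilities/retbleed"

# Constructed sample lines in the kernel's reporting style (not from a real host).
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Mitigation: IBRS",
    "Mitigation: untrained return thunk; SMT vulnerable",
    None,  # file absent: kernel too old to report on Retbleed
]


def classify(status):
    """Map a status line (None if the file is missing) to a verdict string."""
    if status is None:
        # No report is not a clean bill of health: an unpatched kernel on an
        # affected CPU has no such file at all.
        return "unknown"
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        # Caveats follow ';', e.g. sibling threads (SMT) still exposed.
        return "partially_mitigated" if "vulnerable" in text.lower() else "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(path=SYSFS_RETBLEED):
    """Return the raw status line, or None when the kernel does not expose it."""
    try:
        return Path(path).read_text()
    except OSError:
        return None


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:55} -> {classify(sample)}")
    print(f"this host: {classify(read_status())}")
```

A verdict of `unknown` on an affected CPU generation usually means the kernel needs updating before its report can be relied on.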
