Reports are coming in that Intel and AMD processors are still under attack from RETBleed Spectre V2 exploits patched several months ago. The vulnerability goes back to Zen 1, Zen 1+, and Zen 2 processors by AMD and sixth to eighth-generation core processors from Intel.
CPUs from Intel and AMD are still under attack from Spectre V2 vulnerability
The Spectre-V1 and -V2 vulnerabilities discovered over five years ago — CVE-2017-5753 and CVE-2017-5715 — are still active in Intel and AMD CPUs, even after Researchers created patch fixes over the last several months.
Initially, Johannes Wikner and Kaveh Razavi, two security researchers from ETH Zurich, uncovered the CPU vulnerabilities in AMD (CVE-2022-29900) and Intel (CVE-2022-29901) architectures, allowing information to be transmitted employing return commands to guarded areas of the main memory sections of the affected system. While Intel and AMD have received and published several patches since 2018, there has been no success in halting the exploit entirely in any affected processors.
A new vulnerability, RETBleed, has appeared and is starting to see security patch updates from the two chip designers, but with little to no effect.
RETbleed (CVE-2022-29900 and CVE-2022-29901) is the newest threat to systems, causing speculative execution attacks, exploiting branch target injections to reveal data, also known as Spectre-BTI.
RETbleed is unique in that it exploits return instructions sabotaging existing Spectre-BTI guards. RETBleed is highly complicated but does not threaten consumers due to the amount of effort to affect a system with vulnerability. But, enterprises and other cloud-based systems should be concerned.
Intel is the first company to highlight vulnerability issues plaguing their products in a recently published Security Advisory — Intel-SA-00702 and Intel-SA-00707. The company categorizes RETBleed as a "medium" threat level, posting a CVSS base score of 4.7.
Wilkner and Razavi, as well as other researchers from ETH Zurich, are predicting that the most extensive section for concern is cloud servers. This threat is more significant than just to Intel as AMD is also affected by their EPYC 7252 CPUs classified under the Zen 2-based architecture.
Linux appears safer as patches to thwart and halt RETBleed are already active in the current kernel. Soon, we should start seeing security updates from Microsoft for Windows 10 and 11 operating systems.
"RETbleed: Arbitrary Speculative Code Execution with Return Instructions," a report by Swiss security researchers, offers more information on the vulnerability for interested readers.
News Sources: ComputerBase, Comsec Computer Security Group
