Speculative execution, a class of vulnerability that can covertly leak password data and other sensitive material, has proven persistent and has sent both chipmakers scrambling once again.

The attack is named Retbleed because it exploits a software defense known as retpoline, which chipmakers used to mitigate speculative execution attacks. When modern processors encounter a direct or indirect branch, they predict the address of the next instruction they are about to receive and execute it before the prediction is confirmed. Retbleed tricks the processor into speculatively executing an instruction that accesses sensitive data in memory that is normally off-limits to a low-privileged application. After the operation is called off, Retbleed extracts the data.

Is it a trampoline or a shooting star?

Retpoline works by using a series of return operations to isolate indirect branches from speculative execution, in effect erecting the software equivalent of a trampoline. Stated differently, a retpoline replaces indirect jumps and calls with returns, which many researchers assumed weren't vulnerable. The defense was designed to counter variant 2 of the attacks. That variant forces an indirect branch to execute code that produces data which can then leak through a side channel.

Researchers have warned for years that retpoline isn't enough to mitigate speculative execution attacks because the returns it relies on are themselves susceptible to BTI (branch target injection). Linux creator Linus Torvalds rejected the warnings.

Retbleed shows that retpoline is not enough to prevent speculative execution attacks. The Retbleed proof-of-concept works against the Kaby Lake and Coffee Lake microarchitectures.

The researchers wrote that retpoline fails to consider return instructions as an attack vector. It is possible to defend a return instruction by adding a valid entry to the return stack buffer, but treating every return as potentially exploitable would impose a huge overhead. A lighter mitigation, which adds such an entry only when a per-CPU counter tracking call stack depth reaches a certain threshold, was never approved for upstream. In light of Retbleed, this mitigation is being re-evaluated by Intel.
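To make the "trampoline" described above and the return it ends in concrete, here is an added example that is not code from the article or from the Retbleed researchers: a minimal x86-64 Linux program in GNU assembler (AT&T syntax) that performs an indirect call through a retpoline thunk instead of a bare `call *%rax`. The thunk name `__x86_indirect_thunk_rax` follows the convention used by compilers and the Linux kernel; the `target` function and the exit-code plumbing are constructed for the example.

```asm
        .text
        .globl  _start

# Target of the indirect call (constructed for the example): returns 42.
target:
        mov     $42, %eax
        ret

# Retpoline thunk: the software trampoline the article describes.
#  1. CALL pushes a return address that points at .Lcapture,
#  2. the real target in %rax overwrites that return address,
#  3. RET then jumps to the real target architecturally, while any
#     speculation of this RET is pinned in the harmless .Lcapture loop
#     instead of being steered by the indirect branch predictor.
__x86_indirect_thunk_rax:
        call    .Lset_target
.Lcapture:
        pause                   # speculation trap: benign spin loop
        lfence
        jmp     .Lcapture
.Lset_target:
        mov     %rax, (%rsp)    # replace return address with real target
        ret                     # this RET is the "return" retpoline relies on;
                                # Retbleed's point is that, under some conditions,
                                # the CPU predicts returns like this one unsafely

_start:
        lea     target(%rip), %rax
        call    __x86_indirect_thunk_rax   # replaces: call *%rax
        mov     %eax, %edi      # exit status = value returned by target (42)
        mov     $60, %eax       # SYS_exit
        syscall
```

Assemble and link with `as -o retpoline.o retpoline.s && ld -o retpoline retpoline.o`; running `./retpoline; echo $?` prints 42, showing the control transfer still reaches `target` with the indirect branch replaced by the RET that the per-CPU call-depth mitigation above is meant to protect.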

Razavi explained in an email:

Variant 2 used indirect branches to get speculative execution. Retpoline was used to convert indirect branches to returns.

Return instructions leak under certain conditions. The conditions are common on both platforms. Retpoline was an inadequate solution to begin with.

According to the researchers, new mitigations will add up to 28 percent more overhead to operations.