Linux : Patches for new Retbleed AMD and Intel microprocessor vulnerability

Topic

New Reply

https://www.ghacks.net/2022/07/13/patches-for-new-retbleed-amd-and-intel-microprocessor-vulnerability-may-have-significant-overhead/

Certain microprocessors from Intel and AMD are vulnerable to a new speculative execution attack related to Spectre Variant 2. Attacks may be used to leak data from kernel memory and mitigations may cause overhead and impact performance of patched systems…

Researchers at ETH Zurich discovered the vulnerabilities, which they named Retbleed. The attacks exploit vulnerabilities in retpoline, a mitigation introduced in 2018 to mitigate certain speculative execution attacks.

The vulnerability was confirmed by the researchers for Linux devices. The researchers state in the FAQ that Windows and Mac systems are affected as well. Intel, on the other hand, stated in a blog post, that company processors on Windows are not affected..

AMD and Intel are not aware of exploits in the wild that target the new vulnerabilities. Patches for major Linux distributions are already being prepared. ..

2 users thanked author for this post.

Charlie, jburk07

Reply | Quote

Replies

This issue seems to be limited to 10 processors from AMD and Intel.

“AMD and Intel are not aware of exploits in the wild”, so not Code Red – yet.

cheers, Paul

1 user thanked author for this post.

jburk07

Reply | Quote

Looks like way more than 9 processors.  There are 18 groups of processors affected by RSBA or RRSBA and each one of those groups has many CPUs listed under it.

https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

2022 tab in that document and look at RSBA and RRSBA columns.

Reply | Quote

“AMD and Intel are not aware of exploits in the wild”, so not Code Red – yet.

Yet, “Patches for major Linux distributions are already being prepared”. ..

MacOS Intel is probably vulnerable too.

Reply | Quote