Researchers have discovered a new attack technique that exploits the speculative execution feature of modern CPUs to leak potentially sensitive information from the kernel's memory. The attack circumvents some of the software defences some operating systems put in place to prevent previous exploits of this nature.
The attack, dubbed Retbleed by researchers from Swiss university ETH Zurich, works against both Intel and AMD CPUs. On Intel it's tracked as CVE-2022-29901 and impacts CPU generations 6, 7 and 8 although to different extents and depending on the mitigations used by the operating system. On AMD it's tracked as CVE-2022-29900 and impacts AMD Zen 1, Zen 1+ and Zen 2 CPUs.
What is Retbleed?
Retbleed falls in the same class of attacks as Spectre, an attack announced in January 2018 that kicked off several years of academic research into security issues related to speculative execution, a mechanism that modern CPUs use to increase performance.
Speculative execution is a CPU feature that uses internal algorithms to attempt to guess in advance the path a program's execution will take when it will reach a conditional branch in the code.
The goal is to execute instructions down the predicted path in advance and store the results, which can include sensitive information, in CPU caches temporarily to serve them when and if the program's execution flow needs them. If the prediction proves to be incorrect, the results are discarded.
With the Spectre class of attacks, researchers proved that malicious code can use various techniques to intentionally guide CPUs to execute code paths that would reveal sensitive information and then extract that information from caches using side-channel techniques. Since 2018 researchers have discovered many variations of Spectre, using different methods to force mispredictions.
Intel and AMD responded by adding hardware-based mitigations: indirect branch restricted speculation (IBRS) and later enhanced indirect branch restricted speculation (eIBRS) for Intel and CSV2 for AMD. Meanwhile Google researchers proposed a software-based mitigation technique called retpoline that was adopted by some operating system and hypervisor vendors.
"Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions," the ETH Zurich researchers said in their report. "This means a great deal, since it undermines some of our current Spectre-BTI defences."
Namely, the retpoline mitigation consists of replacing indirect jumps and calls with returns because back in 2018 it was deemed impractical to exploit returns because under normal conditions returns are not predicted as indirect branches. However, the ETH Zurich researchers found conditions to allow such exploitation and they're more common than previously believed.
"On Intel, returns start behaving like indirect jumps when the return stack buffer, which holds return target predictions, is underflowed," they explain. "This happens upon executing deep call stacks. In our evaluation, we found over a thousand of such conditions that can be triggered by a system call."
"On AMD, returns will behave like an indirect branch regardless of the state of their return address stack," the researchers added.
"In fact, by poisoning the return instruction using an indirect jump, the AMD branch predictor will assume that it will encounter an indirect jump instead of a return and consequentially predict an indirect branch target. This means that any return that we can reach through a system call can be exploited â€” and there are tons of them."
Impact and mitigations for Retbleed
The researchers developed their proof-of-concept attack on Linux and coordinated disclosure with the Linux kernel developers and Intel. Fixing the retpoline implementation on Linux required changes to 68 files, adding 1,783 new lines of code and removing 387 lines. The new mitigation also comes with a performance cost that the researchers estimate is between 14 per cent and 39 per cent.
Windows and Apple computers with impacted CPUs are also theoretically affected since this is a microarchitectural issue. However, in its own security advisory Intel said that the "Windows operating system uses IBRS by default, so no update is required".
Intel refers to the Retbleed attack as Return Stack Buffer Underflow (RSBU) and says in its updated developer guidance that "enabling IBRS (including enhanced IBRS) will mitigate the RSBU attack".
EIBRS is more performant than the standard IBRS, but some older Skylake-generation CPUs don't support the mitigation, which is why some operating system vendors or virtual machine managers didn't enable the less performant IBRS by default and used the software-based retpoline mitigation instead, and retpoline is vulnerable to this attack.
Intel updated its table of CPUs affected by "transient attacks" including Retbleed/RSBU and plans to provide microcode updates for some of the CPUs.
Meanwhile, AMD has determined that Retbleed is one instance of a more general microarchitecture behaviour that the company's engineers have dubbed Branch Type Confusion (CVE-2022-23825). The vendor released new developer guidance for mitigating this class of issues.
Hypervisor vendors such as Xen and Citrix released their own advisories and patches. Xen released patches only to address the issue on some AMD CPUs saying that "for ARM and Intel CPUs, Xen implemented the vendor-recommended defaults in XSA-254 and follow-on fixes" and that no further fixes are required at this time.
However, administrators who deviated from the default mitigations should re-evaluate their threat models because they might be affected. Citrix's patches also only address AMD Zen 1 and AMD Zen 2 CPUs, as the company determined its hypervisor running on AMD Zen 3 and Intel CPUs is not impacted.