New Retbleed attack could steal key data from Intel and AMD processors


Some microprocessors from Intel as well as AMD are vulnerable to a recently discovered speculative execution attack that could surreptitiously leak password data and other sensitive material, forcing both chipmakers to once again fight what turns out to be a stubborn vulnerability.


Researchers at ETH Zurich named their attack Retbleed because it exploits a software defense known as retpoline, which chipmakers introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, also known as Spectre, exploit the fact that when modern processors encounter a direct or indirect branch instruction, they predict the address of the next instruction to execute and run it before the prediction is confirmed. Spectre works by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the speculative operation is canceled.

Is it a trampoline or a slingshot?

Retpoline works by using a series of return operations to isolate indirect branches from speculative execution attacks, effectively creating the software equivalent of a trampoline that makes them bounce safely. In other words, retpoline replaces indirect jumps and calls with returns, which many researchers assumed were not susceptible. The protection was designed to counter variant 2 of the original speculative execution attacks disclosed in January 2018. Abbreviated as BTI (branch target injection), that variant forces an indirect branch to execute so-called gadget code, which in turn leaks data through a side channel.
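To make the trampoline concrete, here is an added example, written for this page and not taken from the article, the Retbleed paper, or any kernel or compiler source: an x86-64 retpoline thunk in GNU assembler syntax, plus a C wrapper that calls a function pointer through it instead of with a plain indirect call. The names retpoline_thunk_rax, retpoline_call1 and dispatch are this example's own. The thunk is built only on x86-64; on other architectures the wrapper falls back to an ordinary, unprotected indirect call.

```c
#include <stdio.h>

typedef long (*fn1_t)(long);

#if defined(__x86_64__)
/*
 * retpoline_thunk_rax: transfer control to the address in %rax without an
 * indirect JMP or CALL. The CALL pushes the address of the PAUSE/LFENCE loop,
 * so the return stack buffer now predicts that the upcoming RET goes there and
 * the speculative path spins harmlessly. The real target is then written over
 * the saved return address and RET transfers control architecturally.
 * Retbleed's point is that this RET is itself predicted (from the RSB on
 * Intel, from the indirect predictor on AMD), so the trampoline can be steered.
 *
 * retpoline_call1(fn, arg) is a C-callable wrapper: it moves fn into %rax,
 * shifts arg into the callee's first-argument register and tail-jumps to the
 * thunk, so the callee returns straight to retpoline_call1's caller with the
 * ABI stack alignment intact. Both symbol spellings are exported so the file
 * assembles on ELF (Linux) and on Mach-O (macOS, which prefixes C symbols
 * with an underscore). Example code; names are this example's own.
 */
__asm__(
    ".text\n"
    "retpoline_thunk_rax:\n"
    "    call 1f\n"                 /* push addr of 2:, RSB predicts RET -> 2:   */
    "2:  pause\n"                   /* speculation trap for the mispredicted path */
    "    lfence\n"
    "    jmp 2b\n"
    "1:  mov %rax, (%rsp)\n"        /* replace saved return address with target   */
    "    ret\n"                     /* architectural jump to *%rax                */
    "\n"
    ".globl retpoline_call1\n"
    ".globl _retpoline_call1\n"
    "retpoline_call1:\n"
    "_retpoline_call1:\n"
    "    mov %rdi, %rax\n"          /* function pointer to call                   */
    "    mov %rsi, %rdi\n"          /* its single argument                        */
    "    jmp retpoline_thunk_rax\n" /* direct jump; the thunk's RET enters target */
);
long retpoline_call1(fn1_t fn, long arg);
#else
/* Not x86-64: no retpoline available here, plain (unprotected) indirect call. */
static long retpoline_call1(fn1_t fn, long arg) { return fn(arg); }
#endif

static long square(long x) { return x * x; }
static long negate(long x) { return -x; }

/* A table-driven indirect call site: exactly the kind of code a retpoline build
 * rewrites, since the attacker-influenced table index decides the branch target. */
long dispatch(int op, long x)
{
    static const fn1_t table[] = { square, negate };
    if (op < 0 || op >= (int)(sizeof table / sizeof table[0]))
        return 0;
    return retpoline_call1(table[op], x);
}

int main(void)
{
    printf("square(7) via retpoline = %ld\n", dispatch(0, 7));
    printf("negate(7) via retpoline = %ld\n", dispatch(1, 7));
    return 0;
}
```

Build it with `cc -O2 retpoline.c` and disassemble: the call site contains no `call *%rax`, only a direct jump into the thunk and a RET. Two caveats a practitioner should keep in mind: a retpoline's RET deliberately returns to an address that was never pushed by a matching CALL, so it is incompatible with CET shadow stacks, and on processors with eIBRS the thunk buys nothing the hardware does not already provide.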


Some researchers warned for years that retpoline was insufficient to mitigate speculative execution attacks because the returns it relied on were themselves susceptible to BTI. Linux creator Linus Torvalds famously dismissed such warnings, arguing that such exploits were impractical.

The ETH Zurich researchers have now convincingly shown that retpoline is insufficient to prevent speculative execution attacks. Their Retbleed proof of concept works on Intel processors with the Kaby Lake and Coffee Lake microarchitectures, as well as on AMD's Zen 1, Zen 1+, and Zen 2 microarchitectures.

“Retpoline, as a Spectre-BTI mitigation, does not treat return instructions as an attack vector,” researchers Johannes Wikner and Kaveh Razavi wrote. “While it is possible to protect return instructions by adding a valid entry to the return stack buffer (RSB) before executing the return instruction, treating every return as potentially exploitable in this way would introduce a huge overhead. Previous work attempted to conditionally refill the RSB with safe return targets whenever a per-CPU counter that tracks call stack depth reaches a certain threshold, but this was never accepted upstream. In light of Retbleed, Intel is revisiting this mitigation, but a different strategy is required for AMD processors.”

In an email, Razavi explained it this way:

Variant 2 of Spectre used indirect branches to get arbitrary speculative execution in the kernel. Indirect branches have been converted to returns using retpoline to mitigate Spectre variant 2.

Retbleed shows that return instructions unfortunately leak under certain conditions, like indirect branches. Unfortunately, these conditions are common on both Intel platforms (Skylake and Skylake) and AMD platforms (Zen, Zen+ and Zen2). This means that the retpoline was, unfortunately, an inadequate mitigation to begin with.

In response to the study, both Intel and AMD have advised customers to adopt new mitigation measures, which the researchers say will add as much as 28 percent overhead to operations.

Retbleed can leak kernel memory from Intel processors at about 219 bytes per second with 98 percent accuracy. The exploit can extract kernel memory from AMD processors with a bandwidth of 3.9 KB per second. The researchers said they were able to locate and leak the Linux root password hash from physical memory in about 28 minutes on Intel processors and in about six minutes on AMD processors.

Retbleed works by using code that essentially poisons the branch prediction unit (BPU) that processors rely on to make their guesses. Once the poisoning is complete, the BPU makes mispredictions that the attacker controls.

“We found that we can inject branch targets that are inside the kernel address space, even as a non-privileged user,” the researchers wrote in a blog post. “Even though we can’t access branch targets inside the kernel address space—branching to such a target causes a page fault—the branch predictor will update itself when it observes a branch and assume it was executed legally, even if the target is a kernel address.”

Response from Intel and AMD

Both Intel and AMD responded with recommendations. Intel has confirmed that the vulnerability exists in Skylake-generation processors, which lack a protection known as enhanced Indirect Branch Restricted Speculation (eIBRS).

“Intel has worked with the Linux community and VMM vendors to provide customers with software mitigation guidance that should be available on or around today’s public disclosure date,” Intel wrote in a blog post. “Note that Windows systems are unaffected, given that these systems use Indirect Branch Restricted Speculation (IBRS) by default, which is also the mitigation available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment.”

Meanwhile, AMD also published guidance. “As part of its ongoing work to identify and respond to new potential security vulnerabilities, AMD is recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks,” a spokesperson wrote in an email. The company also released a white paper.

Both the researchers’ paper and their blog post explain the microarchitectural conditions required for Retbleed:

Intel. On Intel, returns start behaving like indirect jumps when the return stack buffer, which holds return target predictions, underflows. This happens when executing deep call stacks. In our evaluation, we found over a thousand such conditions that can be triggered by a system call. The indirect branch target predictor of Intel processors has been studied in previous work.

AMD. On AMD, returns behave like an indirect branch regardless of the state of the return address stack. In fact, by poisoning the return instruction using an indirect branch, AMD’s branch predictor assumes that it will encounter an indirect branch instead of a return and consequently predicts the indirect branch target. This means that any return we can reach via a system call can be exploited, and there are many.
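The RSB refill that the Wikner and Razavi quote above describes, and the deep-call-stack underflow condition in the Intel paragraph, can be shown together. What follows is an added example and not code from the article, the Retbleed authors, Intel or the Linux kernel, although it follows the shape of the kernel's RSB-filling sequence: an x86-64 routine rsb_fill that stuffs the return stack buffer with 16 entries pointing at a speculation trap, next to a deliberately deep call chain that would underflow a 16-entry RSB on its way out. The names rsb_fill and deep_path_then_return and the 16-entry RSB size are this example's assumptions. The kernel's policy for when to refill (the per-CPU call-depth counter from the quote) is not modeled; this example refills unconditionally at the trust boundary.

```c
#include <stdio.h>

#if defined(__x86_64__)
#define RSB_FILL_ENTRIES 16   /* assumed RSB depth for this example */

/*
 * rsb_fill: push RSB_FILL_ENTRIES return predictions that all point at a
 * PAUSE/LFENCE trap. Every CALL pushes the address of the instruction after
 * it (label 3) both onto the stack and into the RSB; no RET ever consumes
 * them. After the loop, a single ADD discards the 16 pushed words from the
 * stack, but the RSB still holds the 16 trap entries, so the next returns
 * are predicted to the trap instead of underflowing into the indirect
 * predictor that Retbleed poisons. Returns the number of entries stuffed.
 * Both symbol spellings are exported for ELF (Linux) and Mach-O (macOS).
 */
__asm__(
    ".text\n"
    ".globl rsb_fill\n"
    ".globl _rsb_fill\n"
    "rsb_fill:\n"
    "_rsb_fill:\n"
    "    mov $16, %ecx\n"
    "1:  call 2f\n"            /* push addr of 3: onto stack and into the RSB */
    "3:  pause\n"              /* speculation trap: a RET predicted here spins */
    "    lfence\n"
    "    jmp 3b\n"
    "2:  dec %ecx\n"
    "    jnz 1b\n"
    "    add $128, %rsp\n"     /* drop the 16 pushed words (16 * 8 bytes) */
    "    mov $16, %eax\n"      /* report how many RSB entries were stuffed */
    "    ret\n"
);
int rsb_fill(void);
#else
#define RSB_FILL_ENTRIES 0
static int rsb_fill(void) { return 0; }   /* not x86-64: nothing to stuff */
#endif

/* A call chain deeper than the RSB. Each nested call pushes one RSB entry; on
 * a 16-entry RSB the 17th and later calls overwrite the oldest entries, so the
 * outermost returns on the way back out find an empty RSB and, on the affected
 * Intel parts, fall back to the attacker-trainable indirect branch predictor.
 * Compile with -O0 to keep the recursion real; higher optimization levels may
 * turn this tail recursion into a loop. */
static long deep(int n, long acc)
{
    return n == 0 ? acc : deep(n - 1, acc + n);
}

/* Where a kernel would use the refill: after a deep in-kernel path and before
 * the returns that lead back toward less-trusted code. */
long deep_path_then_return(long x)
{
    long r = deep(32, x);   /* 32 nested calls, twice the assumed RSB depth */
    (void)rsb_fill();       /* replace any stale or missing entries with traps */
    return r;               /* this RET is now predicted to the harmless trap */
}

int main(void)
{
    printf("stuffed %d RSB entries\n", rsb_fill());
    printf("deep_path_then_return(0) = %ld\n", deep_path_then_return(0));
    return 0;
}
```

The ADD that unwinds the stack is the easy part to get wrong: it has to match the number of CALLs exactly, or the final RET lands on garbage, which is why the kernel expresses the count as a macro shared by the loop and the stack adjustment. Note also what this does not do: stuffing only helps on parts where returns consult the RSB first, which is the Intel behaviour described above; on AMD, where the quote says returns are treated as indirect branches regardless of the return address stack, a different mitigation is needed.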

In an email, Razavi added, “Retbleed is more than just a retpoline bypass on Intel, especially on AMD machines. In fact, AMD is about to release a white paper addressing Retbleed-based branch type confusion. Essentially, Retbleed makes AMD processors confuse return instructions with indirect jumps. This makes exploiting returns on AMD processors very trivial.”

Mitigating the vulnerability will not be free: according to the researchers, the fixes add between 12 and 28 percent of computing overhead. Organizations that rely on vulnerable CPUs should carefully read the publications from the researchers, Intel, and AMD, and be sure to follow the mitigation recommendations.

This story originally appeared on Ars Technica.
