Summary: | [Tracker] Retbleed: Arbitrary Speculative Code Execution with Return Instructions | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 857951, 858122, 876259 | ||
Bug Blocks: |
Description
John Helmert III
From https://www.openwall.com/lists/oss-security/2022/07/12/2 (XSA-407):

"Researchers at ETH Zurich have discovered Retbleed, allowing for arbitrary speculative execution in a victim context.

For more details, see:
https://comsec.ethz.ch/retbleed

ETH Zurich have allocated CVE-2022-29900 for AMD and CVE-2022-29901 for Intel.

Despite the similar preconditions, these are very different microarchitectural behaviours between vendors.

On AMD CPUs, Retbleed is one specific instance of a more general microarchitectural behaviour called Branch Type Confusion. AMD have assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type Confusion).

For more details, see:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

On Intel CPUs, Retbleed is not a new vulnerability; it is only applicable to software which did not follow Intel's original Spectre-v2 guidance. Intel are using the ETH Zurich allocated CVE-2022-29901.

For more details, see:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html

ARM have indicated existing guidance on Spectre-v2 is sufficient."