Bug 857951 - kernel: Retbleed: Arbitrary Speculative Code Execution with Return Instructions
Summary: kernel: Retbleed: Arbitrary Speculative Code Execution with Return Instructions
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://git.kernel.org/pub/scm/linux/...
Whiteboard:
Keywords:
Depends on: 863458 863467 863647
Blocks: CVE-2022-23816, CVE-2022-23825, CVE-2022-29900, CVE-2022-29901, retbleed
Reported: 2022-07-14 13:08 UTC by Alice Ferrazzi
Modified: 2022-10-15 02:50 UTC
CC List: 3 users

See Also:
Package list:
Runtime testing required: ---
Description Alice Ferrazzi 2022-07-14 13:08:18 UTC
"On AMD CPUs, Retbleed is one specific instance of a more general
microarchitectural behaviour called Branch Type Confusion.  AMD have
assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type
Confusion)."
from: https://comsec.ethz.ch/research/microarch/retbleed/

mitigation patches:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce114c866860

Reproducible: Always
Comment 1 John Helmert III 2022-07-15 03:31:52 UTC
Rather confusing set of CVEs here.

Relevant oss-security thread: https://www.openwall.com/lists/oss-security/2022/07/12/5

The AMD vulnerabilities are AMD-issued CVE-2022-23816 and CVE-2022-23825, and the "Switzerland Government Common Vulnerability Program"-issued CVE-2022-29900.

CVE-2022-23816 (still unpublished) and CVE-2022-23825 together seem to refer to the same vulnerability tracked by CVE-2022-29900.

Seems like the kernel fix is not in a release yet.

Intel is using the Swiss CVE assignment of CVE-2022-29901.
Comment 2 John Helmert III 2022-07-15 03:45:59 UTC
From https://www.openwall.com/lists/oss-security/2022/07/12/2 (XSA-407):

"Researchers at ETH Zurich have discovered Retbleed, allowing for
arbitrary speculative execution in a victim context.

For more details, see:
  https://comsec.ethz.ch/retbleed

ETH Zurich have allocated CVE-2022-29900 for AMD and CVE-2022-29901 for
Intel.

Despite the similar preconditions, these are very different
microarchitectural behaviours between vendors.

On AMD CPUs, Retbleed is one specific instance of a more general
microarchitectural behaviour called Branch Type Confusion.  AMD have
assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type
Confusion).

For more details, see:
  https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

On Intel CPUs, Retbleed is not a new vulnerability; it is only
applicable to software which did not follow Intel's original Spectre-v2
guidance.  Intel are using the ETH Zurich allocated CVE-2022-29901.

For more details, see:
  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
  https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html

ARM have indicated existing guidance on Spectre-v2 is sufficient."
Comment 3 John Helmert III 2022-08-01 23:38:09 UTC
5.19 is out with fixes in mainline. Doesn't seem like anything's made it down to stable yet.
Comment 4 John Helmert III 2022-08-03 16:26:34 UTC
Seems like fixes are in:

5.10.135 5.15.59 5.18.16
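
The fixed releases named in comments 3 and 4 (5.10.135, 5.15.59, 5.18.16, and 5.19 mainline) can be checked against a running kernel. The script below is an added example and is not part of this bug report, of the Gentoo tree, or of the kernel tree; its function names are its own. Besides the version comparison it reads /sys/devices/system/cpu/vulnerabilities/retbleed, the status file the upstream mitigation series adds, which is the authoritative answer on a self-built Gentoo kernel: a fixed release is only a lower bound, because the mitigation also depends on the kernel being configured with the options the series introduces (CONFIG_CPU_UNRET_ENTRY / CONFIG_CPU_IBPB_ENTRY) and on a compiler that supports -mfunction-return=thunk-extern. Stable series this bug does not list (5.4, 4.19, ...) are reported as not covered rather than guessed at.

```shell
#!/bin/sh
# Added example, not from the bug report or the kernel tree: decide whether a
# kernel release string is at or past the first releases carrying the Retbleed
# mitigation series named in this bug (5.10.135, 5.15.59, 5.18.16, 5.19), and
# classify the kernel's own /sys/devices/system/cpu/vulnerabilities/retbleed
# status line. Function names are the example's own.

# version_ge A B: succeed (exit 0) when dotted version A >= B.
# Suffixes such as "-gentoo-x86_64" are stripped; missing fields count as 0
# (".0.0" is appended so cut always sees at least three fields).
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//').0.0
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//').0.0
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# retbleed_fixed_version REL: exit 0 if REL is at or past the first fixed
# release of its stable series (comment 4) or is 5.19+ mainline (comment 3),
# 1 if it is an earlier release of one of those series, 2 if the series is
# not one this bug lists (e.g. 5.4), so no conclusion is drawn here.
retbleed_fixed_version() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    case "$(printf '%s' "$v" | cut -d. -f1,2)" in
        5.10) min=5.10.135 ;;
        5.15) min=5.15.59 ;;
        5.18) min=5.18.16 ;;
        *)    version_ge "$v" 5.19 && return 0; return 2 ;;
    esac
    version_ge "$v" "$min" && return 0
    return 1
}

# retbleed_status LINE: map the sysfs status line to one word. The file reads
# "Not affected", "Mitigation: ..." or "Vulnerable[: ...]" on kernels that
# carry the mitigation series; anything else is reported as unknown.
retbleed_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

main() {
    rel=$(uname -r)
    retbleed_fixed_version "$rel" && rc=0 || rc=$?
    case $rc in
        0) echo "kernel $rel: at or past the fixed releases listed in this bug" ;;
        1) echo "kernel $rel: predates the fix for its stable series" ;;
        *) echo "kernel $rel: series not covered by the releases listed in this bug" ;;
    esac
    f=/sys/devices/system/cpu/vulnerabilities/retbleed
    if [ -r "$f" ]; then
        st=$(cat "$f")
        echo "$f: $st -> $(retbleed_status "$st")"
    else
        echo "$f: absent (kernel does not expose the status file; likely older than the fix)"
    fi
}

main
```

Run it as root or any user (the sysfs file is world-readable). A "Mitigation:" line is the only result that means the running kernel is actually protected; a fixed version number with "Vulnerable" in the status file points at a kernel built without the mitigation options or with a compiler that lacks return-thunk support.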