| CVE identifier(s) | CVE-2022-29900, CVE-2022-29901, CVE-2022-28693[dead link] |
|---|
Retbleed is aspeculative execution attack onx86-64 andARM processors, including some recentIntel andAMD chips.[1][2] First made public in 2022, it is a variant of theSpectre vulnerability which exploitsretpoline, which was a mitigation for speculative execution attacks.[3]
According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively.[4] ThePoC works againstIntel Core 6th, 7th and 8th generation microarchitectures andAMD Zen 1, Zen 1+, and Zen 2 microarchitectures.
An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.[2]
Windows is not vulnerable because the existing mitigations already tackle it.[1]Linux kernels 5.18.14 and 5.19 contain the fixes.[5][6] The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.[7]