Researchers at Swiss university ETH Zurich have devised a new speculative execution attack that can lead to information leaks and works against both Intel and AMD processors.
Named Retbleed, the attack targets retpolines (return trampolines), one of the defenses that was proposed in 2018 to mitigate Spectre, a subset of microarchitectural timing side-channel attacks affecting modern microprocessors.
Spectre vulnerabilities existed because branch mispredictions could result in private data becoming visible to attackers. Reptolines were introduced to mitigate the attack by replacing indirect jumps and calls with returns. Despite concerns, the risk associated with the behavior of return prediction in deep call stacks was considered low and reptolines became the main mitigation against Spectre.
While returns were deemed impractical to exploit to leak memory – because returns should not be predicted as indirect branches under normal microarchitectural conditions – the ETH Zurich researchers discovered that exploitation is, in fact, practical.
After reverse engineering the behavior of return instructions, the academics devised Retbleed, which exploits return instructions because there are specific microarchitectural conditions that can be triggered to force returns to be predicted like indirect branches, on both AMD and Intel processors.
“Our reverse engineering results show that all return instructions that follow sufficiently-deep call stacks can be hijacked using a precise branch history on Intel CPUs. On AMD CPUs, we find that any return instruction can be hijacked, regardless of the previous call stack, as long as the previous branch destination is correctly chosen during branch poisoning,” the academics note in their research paper.
On Intel chips, the researchers underflowed the return stack buffer – where return target predictions reside – which resulted in returns behaving like indirect jumps. The academics also say they could hijack all returns coming after the underflow.
“This happens upon executing deep call stacks. In our evaluation, we found over a thousand of such conditions that can be triggered by a system call,” the researchers say.
On AMD chips, the researchers note, it is not necessary to underflow the return stack buffer, as mispredictions appear whenever there is a colliding indirect branch. Essentially, they discovered that they could poison the return instruction using an indirect jump and trick the branch predictor into predicting an indirect branch target instead of a return.
“This means that any return that we can reach through a system call can be exploited — and there are tons of them,” the researchers say.
“We also found that AMD CPUs exhibit phantom jumps (CVE-2022-23825): branch predictions that occur even in the absence of any corresponding branch instruction. Using the same technique we used to exploit Retbleed, we could omit the return instruction completely and observe branch target prediction on any given instruction,” the academics continue.
The researchers also discovered that many microarchitectures allow for the creation of collisions on kernel return instructions from user mode, meaning that an unprivileged attacker could “arbitrarily control the predicted target of such return instructions by branching into kernel memory,” even on systems with all deployed mitigations enabled.
The academics built an analysis framework on top of Linux testing and tracing facilities to identify microarchitecture-dependent vulnerable return instructions that an attacker can exploit to gain sufficient control over registers or memory.
“We saw that retpoline-protected Intel and AMD CPUs are vulnerable to Retbleed. Retpoline, as a Spectre mitigation, fails to consider return instructions as an attack vector,” the researchers underline.
Intel, which tracks the security flaws as CVE-2022-29901 and CVE-2022-28693, will selectively enable Indirect Branch Restricted Speculation (IBRS) on Retbleed-vulnerable systems, to prevent software from controlling the predicted targets of indirect branches.
To mitigate the vulnerabilities — tracked as CVE-2022-29900 and CVE-2022-23825 — AMD has introduced jmp2ret, which replaces returns in the kernel with direct jumps to a return thunk. The proposed solutions introduce up to 28% overhead.
Related: Academics Devise New Speculative Execution Attack Against Apple M1 Chips
Related: New Side-Channel Attack Targets Intel CPU Ring Interconnect
Related: CrossTalk: First Speculative Execution Attack Allowing Data Leaks Across Intel CPU Cores