Software Vendors Start Patching Retbleed CPU Vulnerabilities

Vendors have started rolling out software updates to address the recently disclosed Retbleed speculative execution attack targeting Intel and AMD processors.

Disclosed earlier this week, Retbleed is a new attack technique targeting retpolines (return trampolines), the widely adopted mitigation against the Spectre side-channel attack affecting modern microprocessors.

Retpolines were introduced in 2018 to replace indirect jumps and calls with returns, thus mitigating the issue where branch mispredictions leaked data to attackers.

This week, however, researchers at Swiss university ETH Zurich published a paper demonstrating that exploiting retpolines to leak memory is practical, and that the attack works on both Intel and AMD processors that have full Spectre mitigations enabled.

Both Intel – which tracks the flaws as CVE-2022-29901 and CVE-2022-28693 – and AMD – which tracks them as CVE-2022-29900 and CVE-2022-23825 – have announced patches for the bugs, and software vendors have started rolling them out to their users as well.

Citrix has announced hotfixes for Hypervisor, noting that the bugs “may allow code inside a guest VM to infer the contents of RAM memory elsewhere on the host.” Only systems running Hypervisor on AMD Zen 1 or AMD Zen 2 processors are impacted; systems using AMD Zen 3 CPUs, or Intel chips that have all of the previous updates installed, are not.

“Citrix has released hotfixes to address this issue. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. Note that remediating this hardware issue in software may impact performance on affected CPUs,” Citrix says.

VMware has confirmed that all four vulnerabilities impact its ESXi hypervisor, and that patches are available for ESXi versions 7.0, 6.7, and 6.5, as well as for Cloud Foundation versions 4.x and 3.x.

“A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host,” VMware notes.

As part of its Patch Tuesday cycle, Microsoft announced that the latest Windows builds enable mitigations against the vulnerabilities impacting AMD processors, advising customers to apply the latest software updates and to implement extra security features if untrusted users are allowed to execute arbitrary code on their systems.

The Xen Project too has confirmed impact from the flaws affecting AMD’s CPUs, but only on systems running Zen2 or earlier microprocessors – systems with AMD Zen3 and Intel chips are not impacted. Xen has announced patches for stable branches and encourages updating to a stable branch before applying them.

Fedora says fixes for all four vulnerabilities have been included in Fedora 36 Update: kernel-5.18.11-200.fc36, which includes stable patches and “the Retbleed patches scheduled for 5.18.12 kernels.”

SUSE Linux too has confirmed impact from CVE-2022-29900 and CVE-2022-29901 on SUSE Linux Enterprise Desktop, Enterprise Server, Enterprise Server for SAP Applications, and Enterprise HPC. Patches have been released for some of the affected products, but SUSE is still working on addressing the bugs across its portfolio.

Ubuntu announced that kernel updates are in the works, without offering a specific availability timeline. While Red Hat Enterprise Linux releases 6 to 9 are impacted by CVE-2022-29900 and CVE-2022-29901, Red Hat has not offered a release date for patches, but says that Enterprise Linux 6 will remain unpatched.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
