Researchers at ETH Zurich have found a way to overcome a commonly used defense mechanism against so-called speculative execution attacks targeting modern microprocessors.
In a technical paper published this week, the researchers described how attackers could use their technique — dubbed "Retbleed" — to steal sensitive data from the memory of systems with Intel and AMD microprocessors that are vulnerable to the issue. The researchers built their proof-of concept code for Linux but said some Windows and Apple computers with the affected microprocessors likely have the issue as well.
Their discovery prompted Intel and AMD to issue advisories this week describing mitigations against the new attack method. In an emailed statement, Intel said it had worked with industry partners, the Linux community, and Virtual Machine Manager (VMM) vendors to make mitigations available to customers. "Windows systems are not affected as they already have these mitigations by default," Intel noted.
AMD said the issue the researchers had identified potentially allows arbitrary speculative code execution under certain microarchitecture conditions. "As part of its ongoing work to identify and respond to new potential security vulnerabilities, AMD is recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks," AMD said in an emailed statement. "That guidance is found in a new AMD whitepaper now available."
Both chipmakers said they were not aware of any active exploits in the wild related to the issue that the researchers at ETH Zurich discovered and reported.
A Dangerous Attack Vector
Security researchers consider speculative execution attacks as dangerous because they give attackers a way to access and steal sensitive data — including passwords and encryption keys — in a computer's memory. It's an issue that is especially of concern in shared environments such as public cloud services and shared enterprise infrastructure.
Speculative execution is a performance-enhancing mechanism in modern microprocessors where instructions in code are executed in advance of when they are needed, without waiting for previous instructions to be completed. The technique can help speed up microprocessor performance. If the microprocessor guesses wrong and executes an instruction that is not needed, it discards that instruction. But in doing so, it sometimes leaves artifacts from system memory in the processor's buffers or cache.
Threat actors have taken advantage of this fact to devise so-called side channel attacks where they get the microprocessor to speculatively execute code in such a way as to get it to access — and reveal — sensitive information in the system memory. The issue became a major concern in 2018 with the disclosure of the Spectre and Meltdown vulnerabilities in most microprocessors used in everything from servers to PCs, laptops, and mobile devices.
Since then, chipmakers like Intel and AMD have introduced changes and mitigations to make it harder for adversaries to carry out speculative execution side-channel attacks.
One widely used mitigation against speculative execution attacks is called "Retpoline," a Google-developed approach for controlling how a microprocessor performs speculation when handling certain instructions — so-called indirect "jumps" and "calls".
Retpolines work by replacing indirect jumps and calls with the "return" function, says Johannes Wikner, one of the researchers at ETH Zurich who developed the new exploit. "Retpoline replaces indirect jumps with returns using a crazy trick," Wikner says. "It tricks the processor to believe there has been a 'call' made from the location where the indirect jump was intended to lead."
The motivation for replacing indirect jumps and calls with returns was because the return function was considered impractical to exploit, he says.
But that is not the case, Wikner says. Their research showed that it is possible to trigger microarchitectural conditions on Intel and AMD CPUs that force the return function to be speculatively executed just like was possible with indirect jumps and calls. "Retpoline does not [consider] the fact the returns can be exploited, into account," he says. "This allows us to bypass the Retpoline defense."
Wikner says it took the researchers some work to exploit the issue on Intel microprocessors and required their finding a sequence of deep function call stacks to trigger it. "We found on AMD that all returns can be exploited regardless of the function call stack," he says. "We built a framework to make it easy also on Intel."
Bogdan Botezatu, director of threat research at Bitdefender, which last year developed a side-channel attack of its own against Intel CPUs, says Retbleed appears to be a side-channel attack as well one that bypasses a mitigation set in place for Spectre. "This is yet another way in which modern CPUs can be exploited to inadvertently leak information that should be considered secret — and for which hardware defenses are burnt into the silicon," he says.
He says two things are worth mentioning when talking about this type of attack. Conceptually, it beats measures built into chips to prevent data from leaking from one realm to the other. "In the hands of a patient and properly positioned attacker, this vulnerability can exfiltrate important information from shared computers or virtualized servers. This is bad," he says.
Complex to Execute
At the same time, such attacks require significant knowledge and logistics to successfully result in exfiltration of the data sought by a potential attacker. High-profile targets should be worried about the existence of this vulnerability and should deploy Intel and AMD's recommended mitigations. "Side-channel attacks are effective, but difficult to execute and exfiltrate exactly that piece of information that attackers are after," Botezatu says.
Intel said that two security advisories it published Tuesday address the research. One of them is here and the other here. The company described the issue as impacting some of its Skylake generation processors that do not have a feature called enhanced Indirect Branch Restricted Speculation (eIBRS). "Intel worked with the Linux community and VMM vendors to provide customers with software mitigations to enable Indirect Branch Restricted Speculation (IBRS), and enhanced Indirect Branch Restricted Speculation (eIBRS) where supported."
Windows systems are not affected because they use IBRS by default, the Intel statement noted.