According to Ars Technica, ETH Zurich named their attack Retbleed because it exploits a software defense known as retpoline, which was introduced in 2018 to mitigate the harmful effects of speculative execution attacks.
For those not in the know another speculative execution attack, also known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they're about to receive and automatically execute it before the prediction is confirmed.
Spectre, which really did Intel and AMD over, tricked the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application.
Retbleed takes this further by extracting the data after the operation is canceled. The ETH Zurich researchers have conclusively shown that retpoline is insufficient for preventing speculative execution attacks. Their Retbleed proof-of-concept works against Intel CPUs with the Kaby Lake and Coffee Lake microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.
Intel and AMD advised customers to adopt new mitigations that the researchers said will add as much as 28 percent more overhead to operations.
Intel has confirmed that the vulnerability exists on Skylake-generation processors that don't have a protection known as enhanced Indirect Branch Restricted Speculation (eIBRS) in place.
"Intel has worked with the Linux community and VMM vendors to provide customers with software mitigation guidance which should be available on or around today's public disclosure date," Intel wrote in a blog post. "Note that Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment."
AMD said that was recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks,"
Research Kaveh Razavi added: "Retbleed is more than just a retpoline bypass on Intel, specially on AMD machines. AMD is in fact going to release a white paper introducing Branch Type Confusion based on Retbleed. Essentially, Retbleed is making AMD CPUs confuse return instructions with indirect branches. This makes exploitation of returns very trivial on AMD CPUs." The mitigations will come at a cost that the researchers measured to be between 12 percent and 28 percent more computational overhead. Organizations that rely on affected CPUs should carefully read the publications from the researchers, Intel, and AMD and be sure to follow the mitigation guidance.