Retbleed: A new Spectre version infects older Intel and AMD CPUs.
Click here to post a comment for Retbleed: A new Spectre version infects older Intel and AMD CPUs. on our message forum
cucaulay malkin
seems to affect zen1/2 the worst with near 100% success rate and higher leakage bandwidth, as well as 7th/8th gen in a big way too.
Venix
New week new vulnerabilities. Well I hope the impact from the fixes of those is not huge.
TheDeeGee
My old 4770K was pretty much downgraded to the first generation i7.
cucaulay malkin
same thing will happen to zen2 now
good thing 7/8th gen are already the same as first skylake lol
just disable them, lol.
who cares about some smecter
Kaarme
It feels like hackers know more about software than the coders who developed the software, and vulnerability investigators know more about CPUs than the engineers who designed the CPUs.
alanm
With millions of users of older CPUs I guess there is safety in numbers. How many systems can hackers go through per day until they reach you? ๐
umeng2002
โHackersโ arenโt developing these exploits. Researchers are.
Horus-Anhur
This exploit can be used remotely, or does it require physical access to the hardware?
sykozis
You'll never have 100% secure software or hardware. It's also impossible for CPU designers to account for every possible security flaw in any chip design. Same with software devs.... If you want a 100% secure computer, disassemble it and melt the parts down. As long as a computer is functional, there will be security flaws.
Given the vulnerability allows for software based attacks, remote execution is likely possible....
Blueabyss25
but if there was no loophole, what would the authorities do then!? ๐ ๐
schmidtbag
I misread the name as "Rectbleed". Not exactly the newest "vulnerability" but sure is a problem for many lol.
user1
Ever since the first spectre exploit, browsers have effectively crippled the accuracy and precision of timers via javascript, so successful remote execution is unlikely, I won't say its impossible though. ultimately you still have to run foreign code on your machine for this to work.
D1stRU3T0R
When people say "old AMD CPU" im thinking about AMD FX and older, not Ryzen lol
ps: i like how Intel 12 series has microcode: 0xd
xd
LesserHellspawn
Yep, from the view of my i7 5960X all of those CPUs are brand spanking new.
Astyanax
Does not affect windows at all.
Venix
Good catch !
PrMinisterGR
https://www.ghacks.net/2022/07/13/patches-for-new-retbleed-amd-and-intel-microprocessor-vulnerability-may-have-significant-overhead/
It affects everything, since it's basically a hardware hack. Intel has already eaten up the mitigation cost for Windows, but not for all CPUs, if I understood the article correctly.
Astyanax
It does not affect Windows
The mitigations are necessary for linux only.
"Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment.โ
RealNC
The perf impact of this mitigation is quite big. On Linux, it can be disabled with the:
kernel option. Other Spectre mitigations are left on. It only disables the costly retbleed mitigation. No idea how to disable it on Windows.
Exploiting retbleed requires local access or otherwise the ability to execute code locally, so unless you're running some multi-user system (including remote login), it should be safe to disable.
