Retbleed: A new Spectre version infects older Intel and AMD CPUs.
Click here to post a comment for Retbleed: A new Spectre version infects older Intel and AMD CPUs. on our message forum
cucaulay malkin
seems to affect zen1/2 the worst with near 100% success rate and higher leakage bandwidth, as well as 7th/8th gen in a big way too.
Venix
New week new vulnerabilities. Well I hope the impact from the fixes of those is not huge.
TheDeeGee
cucaulay malkin
Kaarme
It feels like hackers know more about software than the coders who developed the software, and vulnerability investigators know more about CPUs than the engineers who designed the CPUs.
alanm
With millions of users of older CPUs I guess there is safety in numbers. How many systems can hackers go through per day until they reach you? ๐
umeng2002
โHackersโ arenโt developing these exploits. Researchers are.
Horus-Anhur
This exploit can be used remotely, or does it require physical access to the hardware?
sykozis
Blueabyss25
but if there was no loophole, what would the authorities do then!? ๐ ๐
schmidtbag
I misread the name as "Rectbleed". Not exactly the newest "vulnerability" but sure is a problem for many lol.
user1
D1stRU3T0R
When people say "old AMD CPU" im thinking about AMD FX and older, not Ryzen lol
ps: i like how Intel 12 series has microcode: 0xd
xd
LesserHellspawn
Yep, from the view of my i7 5960X all of those CPUs are brand spanking new.
Astyanax
Does not affect windows at all.
Venix
PrMinisterGR
https://www.ghacks.net/2022/07/13/patches-for-new-retbleed-amd-and-intel-microprocessor-vulnerability-may-have-significant-overhead/
It affects everything, since it's basically a hardware hack. Intel has already eaten up the mitigation cost for Windows, but not for all CPUs, if I understood the article correctly.
Astyanax
RealNC
The perf impact of this mitigation is quite big. On Linux, it can be disabled with the:
kernel option. Other Spectre mitigations are left on. It only disables the costly retbleed mitigation. No idea how to disable it on Windows.
Exploiting retbleed requires local access or otherwise the ability to execute code locally, so unless you're running some multi-user system (including remote login), it should be safe to disable.