Retbleed is a new attack on the speculative execution mechanism of Intel and AMD CPUs

A group of researchers from ETH Zurich has identified a new attack on the speculative execution of indirect jumps in the CPU that allows extracting information from kernel memory or attacking the host system from a virtual machine. The vulnerabilities were codenamed Retbleed (CVE-2022-29900, CVE-2022-29901) and are similar in nature to Spectre-v2 attacks. The difference comes down to how speculative execution of arbitrary code is triggered: through the “ret” (return) instruction, which retrieves the jump address from the stack, rather than through an indirect jump using the “jmp” instruction, which loads the address from memory or a CPU register.

An attacker can create conditions for an incorrect branch prediction and direct a speculative jump to a code block that the program logic never intended to execute. Eventually the processor determines that the branch prediction was wrong and rolls the operation back to its original state, but the data processed during speculative execution remains in the cache and microarchitectural buffers. If the erroneously executed block performs a memory access, its speculative execution leaves the data read from memory in the shared cache.

To determine what data remained in the cache after speculative execution, an attacker can use side-channel methods to detect residual data, for example by analyzing differences in access time between cached and uncached data. For targeted extraction of information from areas at a different privilege level (for example, kernel memory), “gadgets” are used: sequences of instructions present in the kernel that are suitable for speculatively reading data from memory depending on external conditions that the attacker can influence.

To protect against classic Spectre-class attacks, which use conditional and indirect branch instructions, most operating systems use the “retpoline” technique, based on replacing indirect branch operations with the “ret” instruction, for which processors use a separate return-stack predictor rather than the branch prediction unit. When retpoline was introduced in 2018, it was believed that Spectre-like address manipulation was not practical for speculative branching through the “ret” instruction.

The researchers who developed the Retbleed attack method demonstrated that it is possible to create microarchitectural conditions for initiating a speculative jump via the “ret” instruction, and published a ready-made toolkit for identifying instruction sequences (gadgets) in the Linux kernel that are suitable for exploiting the vulnerability where such conditions arise.

In the course of the study, a working exploit was prepared that, on systems with Intel CPUs, allows an unprivileged user-space process to extract arbitrary data from kernel memory at a rate of 219 bytes per second with 98% accuracy. On AMD processors the exploit is considerably more efficient: the leak rate is 3.9 KB per second. As a practical example, the researchers show how the proposed exploit can be used to determine the contents of the /etc/shadow file. On systems with Intel CPUs, recovering the root password hash took 28 minutes; on systems with AMD CPUs, 6 minutes.

The attack was confirmed for 6th to 8th generation Intel processors released before Q3 2019 (including Skylake), and for AMD processors based on the Zen 1, Zen 1+ and Zen 2 microarchitectures released before Q3 2021. In newer processor models, such as AMD Zen 3 and Intel Alder Lake, as well as in ARM processors, the problem is blocked by existing protection mechanisms. For example, using IBRS (Indirect Branch Restricted Speculation) helps protect against the attack.

A set of changes has been prepared for the Linux kernel and the Xen hypervisor that blocks the problem in software on older CPUs. The proposed patch for the Linux kernel changes 68 files, adds 1783 lines and removes 387 lines. Unfortunately, the protection carries significant overhead: in tests carried out on AMD and Intel processors, the performance degradation is estimated at 14% to 39%. It is preferable to use protection based on IBRS, available in newer generations of Intel CPUs and supported since Linux kernel 4.19.
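As an added example (not code from the article or the researchers), the following POSIX shell functions check how a Linux host reports its Retbleed mitigation state: the kernel patch set exposes the status under /sys/devices/system/cpu/vulnerabilities/retbleed, and the `retbleed=` boot parameter can disable or select the mitigation. The exact status strings below are constructed samples modelled on the kernel's "Not affected" / "Mitigation: ..." / "Vulnerable" wording.

```shell
#!/bin/sh
# Classify one status line from /sys/devices/system/cpu/vulnerabilities/retbleed.
# Prints one of: not-affected, mitigated, vulnerable, unknown.
classify_retbleed_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation: "*) echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Extract the mitigation name from a "Mitigation: ..." line, dropping any
# trailing "; ..." qualifier (e.g. SMT state). Prints nothing otherwise.
retbleed_mitigation_name() {
    case "$1" in
        "Mitigation: "*) printf '%s\n' "${1#Mitigation: }" | sed 's/;.*$//' ;;
        *)               printf '\n' ;;
    esac
}

# Return the value of a retbleed= token in a kernel command line (as found in
# /proc/cmdline), e.g. "off", "auto", or empty when the option is not set.
# An explicit retbleed=off means the admin turned the mitigation off.
retbleed_cmdline_setting() {
    for tok in $1; do
        case "$tok" in
            retbleed=*) printf '%s\n' "${tok#retbleed=}"; return 0 ;;
        esac
    done
    printf '\n'
}

# Live check on this host. Kernels older than the Retbleed patch set have no
# sysfs entry at all, which is reported as "unknown" rather than as safe.
check_host_retbleed() {
    f=/sys/devices/system/cpu/vulnerabilities/retbleed
    if [ -r "$f" ]; then
        line=$(cat "$f")
    else
        line="unknown (sysfs entry missing; kernel predates the mitigation)"
    fi
    cmd=$(retbleed_cmdline_setting "$(cat /proc/cmdline 2>/dev/null)")
    printf 'status=%s mitigation="%s" cmdline=%s raw="%s"\n' \
        "$(classify_retbleed_status "$line")" \
        "$(retbleed_mitigation_name "$line")" "${cmd:-<unset>}" "$line"
}
```

Run `check_host_retbleed` on a fleet host; anything other than `status=mitigated` or `status=not-affected`, or a `cmdline=off`, is worth a ticket.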

On Intel processors, address substitution for a speculative indirect branch is possible because of a behaviour that occurs when the Return Stack Buffer underflows. Under such conditions, the “ret” instruction starts using address-selection logic similar to that used for ordinary indirect jumps. More than a thousand places have been found in the Linux kernel that create the conditions for such an underflow and are reachable through system calls.

On AMD processors, speculative execution of the “ret” instruction is carried out without reference to the stack-specific buffer (Return Address Stack): the branch prediction unit treats the “ret” instruction not as a return of control but as an indirect branch, and accordingly uses the same prediction data as for indirect jumps. Under these conditions, virtually any “ret” operation reachable via a system call can be exploited.

Additionally, AMD CPUs have another problem (CVE-2022-23825, Branch Type Confusion) related to the handling of phantom branches: conditions for branch prediction can arise even without an actual branch instruction, which makes it possible to influence the branch prediction buffer without a “ret” instruction. This behaviour significantly complicates the implementation of protection and requires more aggressive flushing of the branch prediction buffer. Adding full protection to the kernel is expected to result in a 209% overhead increase.

Source: opennet.ru