Retbleed

See also: Transient execution CPU vulnerability

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips.^[1][2] First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was a mitigation for speculative execution attacks.^[3]

Retbleed

CVE identifier(s)	CVE-2022-29900, CVE-2022-29901, CVE-2022-28693[dead link]

According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively.^[4] The PoC works against Intel Core 6th, 7th and 8th generation microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.^[2]

Windows is not vulnerable because the existing mitigations already tackle it.^[1] Linux kernels 5.18.14 and 5.19 contain the fixes.^[5][6] The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.^[7]