Older Intel and AMD processors are vulnerable to Rettbleed, a new Spectre variant. The vulnerability was discovered by a research team from the Technical University of Zurich. Meanwhile, the first security patches for Linux have been announced.
The Spectre variant was discovered by Swiss researchers Johannes Wikner and Kaveh Razavi. Spectre is a category of vulnerabilities in microprocessors. The new variant allows attackers to steal data from the processor kernel, even when protection is in place.
Rettbleed is categorized as a Spectre-BTI vulnerability (variant 2) that can be abused via branch target injection. Ultimately, hackers can use Rettbleed to steal kernel data in operating systems, such as passwords, keys and other secrets.
The researchers found that older models from Intel and AMD were particularly susceptible, including AMD Zen 1, Zen 2 and Intel Core Gen 6 to 8. The vulnerability is fixable, but patches may affect the performance of older processors. In addition, the costs of patching can quickly ramp up. The value of cloud instances running on affected processors will likely take a hit.
Linux announced Rettbleed-specific security patches for processors, Intel processors and various hypervisors. Microsoft indicated that Windows is already protected against the Spectre variant.
Tip: VUSec finds new Spectre-v2 vulnerability in Intel and Arm CPUs