Researchers have found two additional Spectre security vulnerabilities in older models of AMD and Intel processing chips.
Another two security weaknesses associated with the Spectre Variant 2 vulnerability have been discovered within older AMD and Intel processing chips. It is not yet known whether these weaknesses will be exploited by attackers.
Older Processing Chips Are a Potential Target
The two vulnerabilities, named CVE-2022-29900 (for AMD chips) and CVE-2022-29901 (for Intel chips), are a concern for Intel Core generation 6 to 8 processors, and AMD Zen 1, Zen 1+, and Zen 2 processors.
These models are vulnerable to speculative-execution attacks, which can trick a given CPU into carrying out a faulty instruction that accesses private data within the chip’s kernel memory.
This can also be referred to as a side-channel attack, as it uses a side channel to transfer information.
As written about on the COMSEC website, These two new vulnerabilities have been named RetBleed by ETH Zurich researchers Kaveh Razavi and Johannes Wikner. RetBleed is responsible for extracting the stolen data after a given vulnerability has been exploited so that the attackers can use it to their advantage.
In Episode 21 of Intel’s Chips & Salsa video series, the company stated that Windows, Linux, and macOS devices are vulnerable to these two weaknesses.
It Is Not Yet Known If These Vulnerabilities Will Be Exploited
Though there is potential for the CVE-2022-29900 and CVE-2022-29901 vulnerabilities to be exploited, any instances of this happening are yet to be announced. At the time of writing, no exploits in the wild have been discovered by Intel or AMD, but this does not necessarily mean that future attacks are out of the question.
Though patches are being tested to mitigate these two new vulnerabilities, the resources required for the feat are likely to cause a hefty overhead, which is a concern for both AMD and Intel.
Expect New Patches for These Vulnerabilities
Spectre was first announced in 2018, and each new iteration of the vulnerability has been successfully overcome. A specific defense system known as Reptoline was deployed in 2018 to mitigate Spectre attacks, but the new vulnerabilities have been able to bypass this protective measure. An increase in security measures on these AMD and Intel chips can also cause a decrease in performance quality.
However, these patches are likely required to prevent the exploitation of these Spectre vulnerabilities in the wild. Mitigations are currently in the works to tackle this issue.
Spectre Is an Ongoing Concern
It is not yet known whether new variations of Spectre will appear in the future. Multiple iterations have cropped up in the past, with these two new vulnerabilities suggesting that there may be more to come.
Though new patches will likely cause significant overhead, they will protect users from falling victim to possible future exploits via the CVE-2022-29900 and CVE-2022-29901 vulnerabilities.
Read the full article here