Retbleed

Does anyone remember Meltdown and  Spectre? These vulnerabilities were discovered in June and July 2017 and publicly documented in early 2018. As a result, countermeasures have been taken by software manufacturers for both operating systems and applications, some of which also lead to reduced performance.

As reported on https://www.ncsc.admin.ch/retbleed-en, researchers of the ETH Zürich now discovered a vulnerability in one of the counter measures – retpoline – affecting CPUs by Intel and AMD which got the name “Retbleed” (CVE-2022-29900, CVE-2022-29901). Also see the description at https://comsec.ethz.ch/research/microarch/retbleed/.

Leave a public comment

Your email address will not be published. This is not a contact form! If you want to send me a personal message, use my e-mail address in the imprint.

You can use the following HTML tags in the comment:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>