# Retbleed



## jbo (Jul 12, 2022)

We got another one: https://comsec.ethz.ch/research/microarch/retbleed/

CVEs:

Intel: https://www.cve.org/CVERecord?id=CVE-2022-29901
AMD: https://www.cve.org/CVERecord?id=CVE-2022-29900


----------



## mer (Jul 12, 2022)

"We have verified that Retbleed works on AMD Zen 1, Zen 1+, Zen 2 and Intel Core generation 6–8."
So older generations are not vulnerable?


----------



## Phishfry (Jul 12, 2022)

I was wondering and looking at the 2018 Intel page: all P4, P6 and Xeon and up...








Reading privileged memory with a side-channel
Posted by Jann Horn, Project Zero. We have discovered that CPU data cache timing can be abused to efficiently leak information out of mi...
googleprojectzero.blogspot.com
				





> So far, we have not actually identified any existing, exploitable instances of the vulnerable code pattern;


----------



## Phishfry (Jul 12, 2022)

This is why I have HyperThreading turned off on my firewall:


> Based on the assumption that branch predictor state is shared between hyperthreads


HyperThreading hit on P4 if my memory serves me right.
Probably on premium server parts first, like P6 and later Xeon.


----------



## _al (Jul 13, 2022)

*Slightly off topic.*
Intel said that my computer has (a very old) Intel ME related problem (one of the discussions was here).
I ran the Intel detection tool on Linux (on FreeBSD the result will be the same, I think).

```
lanin@debian2:~/test_csme$ sudo python2.7 intel_csme_version_detection_tool
[sudo] пароль для lanin:
Intel(R) CSME Version Detection Tool
Copyright(C) 2017-2020, Intel Corporation, All rights reserved.

Application Version: 5.1.0.0
Scan date: 2022-07-13 06:13:32 GMT

*** Host Computer Information ***
Name: debian2
Manufacturer: ASUSTeK COMPUTER INC.
Model: WS-C621E-SAGE Series
Processor Name: Intel(R) Xeon(R) Gold 5120 CPU @ 2.20GHz
OS Version: Debian GNU/Linux 11 (bullseye) (5.10.0-16-amd64)

*** Intel(R) ME Information ***
Engine: Intel(R) Server Platform Services
Version: 10 4.1.4.381 10 4.1.4.381

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
  The detected version of the Intel(R) Server Platform Services firmware
  has a vulnerability listed in one or more of the public Security Advisories.
  Contact your system manufacturer for support and remediation of this system.

For more information refer to the Intel(R) CSME Version Detection Tool User Guide
or the related Intel Security Advisory list at:
https://www.intel.com/content/www/us/en/support/articles/000031784/technologies.html
```
And I still haven't done anything, but I haven't noticed anything wrong either...
Has anyone encountered such a problem? And did you solve it?

*Edit:*
Sorry, it appears to be a Linux tool only. It does not work on FreeBSD:

```
[lanin@freebsd ~/tmp/test_csme]$ sudo python2.7 ./intel_csme_version_detection_tool
Пароль: 
Intel(R) CSME Version Detection Tool
Copyright(C) 2017-2020, Intel Corporation, All rights reserved.

Application Version: 5.1.0.0
Scan date: 2022-07-13 07:18:50 GMT

*** Host Computer Information ***
Name: freebsd
Manufacturer: N/A
Model: N/A
Processor Name: N/A
OS Version: FreeBSD 13.1-RELEASE (13.1-RELEASE)

Traceback (most recent call last):
  File "./intel_csme_version_detection_tool", line 147, in <module>
    sys.exit(main())
  File "./intel_csme_version_detection_tool", line 122, in main
    (the_err.strerror, the_err.errno))
TypeError: %d format: a number is required, not NoneType
```


----------



## _al (Jul 13, 2022)

Andrey Lanin said:


> one of the discussions was here


There are very soothing words there.
I found an interesting document there - https://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf
I realized that it's useless to fight it... And I decided not to worry...


----------

