Ampere Computing Logo
Contact Sales
Ampere Computing Logo
Hero Image

Retbleed

Bulletin ID: AMP-SB-0004

Potential Impact: An attacker can control the predictions for return addresses and can potentially hijack code flow to execute arbitrary code.

Severity: CVSS score: 6.5 (Medium)

Summary

Who is Impacted

All users of Ampere® Altra® and Ampere® Altra® Max.

Potential Impact

An attacker can control the predictions for return addresses and can potentially hijack code flow to execute arbitrary code.

Severity

Medium CVSS score: 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem Statement and Impact

Retbleed is an attack that exploits the unprotected prediction of return instructions. The issue is similar to Spectre variant 2 but exploits some easily triggerable cases (for example, fallback on empty return stack) where predictions for return addresses can still be controlled by an attacker. The Ampere® Altra® family and AmpereOne (formerly known as “Siryn”) are impacted by the Retbleed attack. Existing hardware mitigations (FEAT_CSV2), recommended for Spectre v2 and Spectre-BHB, provide mitigations for attacks based on Retbleed.

Fixed in

Ampere® Altra® 1.08g Ampere® Altra® Max 2.05a

Affected Products

The Ampere® Altra® family and AmpereOne (formerly known as “Siryn”) are impacted by the Retbleed attack.

Recommendations

It is highly recommended to upgrade firmware to Ampere® Altra® SRP 1.08g/Ampere® Altra® Max SRP 2.05a or greater. Hardware mitigations (FEAT_CSV2), recommended for Spectre v2 and Spectre-BHB, provide mitigations for attacks based on Retbleed.

References

https://developer.arm.com/documentation/ka005138/1-0/?lang=en

Created At : December 26th 2022, 6:42:37 am
Last Updated At : May 30th 2023, 11:32:25 pm
Ampere Logo

Ampere Computing LLC

4655 Great America Parkway Suite 601

Santa Clara, CA 95054

image
image
image
image
image
 |  |  | 
© 2024 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.
This site runs on Ampere Processors.