Retbleed
Bulletin ID: AMP-SB-0004
Potential Impact: An attacker can control the predictions for return addresses and can potentially hijack code flow to execute arbitrary code.
Severity: CVSS score: 6.5 (Medium)
Summary
Who is Impacted
All users of Ampere® Altra® and Ampere® Altra® Max.
Potential Impact
An attacker can control the predictions for return addresses and can potentially hijack code flow to execute arbitrary code.
Severity
Medium
CVSS score: 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Problem Statement and Impact
Retbleed is an attack that exploits the unprotected prediction of return instructions. The issue is similar to Spectre variant 2 but exploits some easily triggerable cases (for example, fallback on empty return stack) where predictions for return addresses can still be controlled by an attacker.
The Ampere® Altra® family and AmpereOne™ (formerly known as “Siryn”) are impacted by the Retbleed attack. Existing hardware mitigations (FEAT_CSV2), recommended for Spectre v2 and Spectre-BHB, provide mitigations for attacks based on Retbleed.
Fixed in
Ampere® Altra® 1.08g
Ampere® Altra® Max 2.05a
Affected Products
The Ampere® Altra® family and AmpereOne™ (formerly known as “Siryn”) are impacted by the Retbleed attack.
Recommendations
It is highly recommended to upgrade firmware to Ampere® Altra® SRP 1.08g/Ampere® Altra® Max SRP 2.05a or greater. Hardware mitigations (FEAT_CSV2), recommended for Spectre v2 and Spectre-BHB, provide mitigations for attacks based on Retbleed.
References
https://developer.arm.com/documentation/ka005138/1-0/?lang=en