公司
解决方案
开发者
工作机会
CN
CN
EnglishChinese
Ampere Computing Logo
Ampere Computing Logo
解决方案
解决方案主页
平台系统
解决方案
性能总览
Reference Architecture Overview
Tuning Guides Overview
工作负载简介概览
如何购买
Ampere 系统
Ampere Altra
Azure
Equinix
甲骨文
腾讯云
谷歌云
Ampere AI 下载工作原理常见问题
开发者
开发者中心部署云应用使能开源社区把数据用起来构建云应用设计云应用
支持
Hero Image

Retbleed

Bulletin ID: AMP-SB-0004

Potential Impact: An attacker can control the predictions for return addresses and can potentially hijack code flow to execute arbitrary code.

Severity: CVSS score: 6.5 (Medium)

Summary

Who is Impacted

All users of Ampere® Altra® and Ampere® Altra® Max.

Potential Impact

An attacker can control the predictions for return addresses and can potentially hijack code flow to execute arbitrary code.

Severity

Medium CVSS score: 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem Statement and Impact

Retbleed is an attack that exploits the unprotected prediction of return instructions. The issue is similar to Spectre variant 2 but exploits some easily triggerable cases (for example, fallback on empty return stack) where predictions for return addresses can still be controlled by an attacker. The Ampere® Altra® family and AmpereOne (formerly known as “Siryn”) are impacted by the Retbleed attack. Existing hardware mitigations (FEAT_CSV2), recommended for Spectre v2 and Spectre-BHB, provide mitigations for attacks based on Retbleed.

Fixed in

Ampere® Altra® 1.08g Ampere® Altra® Max 2.05a

Affected Products

The Ampere® Altra® family and AmpereOne (formerly known as “Siryn”) are impacted by the Retbleed attack.

Recommendations

It is highly recommended to upgrade firmware to Ampere® Altra® SRP 1.08g/Ampere® Altra® Max SRP 2.05a or greater. Hardware mitigations (FEAT_CSV2), recommended for Spectre v2 and Spectre-BHB, provide mitigations for attacks based on Retbleed.

References

https://developer.arm.com/documentation/ka005138/1-0/?lang=en

Created At : December 26th 2022, 6:52:02 am
Last Updated At : December 29th 2022, 9:02:02 am

Ampere Computing

4655 Great America Parkway

Suite 601 Santa Clara, CA 95054

Tel: +86-021-64338766

info[at]amperecomputing.com

关于我们
image
image
© 2022 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.