Investigators from the Swiss university ETH Zurich have discovered a new Spectre-like vulnerability that takes use of the processor's speculative execution to get access to sensitive data. Retbleed i... Retbleed: A new Specter version infects older Intel and AMD CPUs.
seems to affect zen1/2 the worst with near 100% success rate and higher leakage bandwidth, as well as 7th/8th gen in a big way too.
same thing will happen to zen2 now good thing 7/8th gen are already the same as first skylake lol just disable them, lol. who cares about some smecter
It feels like hackers know more about software than the coders who developed the software, and vulnerability investigators know more about CPUs than the engineers who designed the CPUs.
With millions of users of older CPUs I guess there is safety in numbers. How many systems can hackers go through per day until they reach you?
You'll never have 100% secure software or hardware. It's also impossible for CPU designers to account for every possible security flaw in any chip design. Same with software devs.... If you want a 100% secure computer, disassemble it and melt the parts down. As long as a computer is functional, there will be security flaws. Given the vulnerability allows for software based attacks, remote execution is likely possible....
I misread the name as "Rectbleed". Not exactly the newest "vulnerability" but sure is a problem for many lol.
Ever since the first spectre exploit, browsers have effectively crippled the accuracy and precision of timers via javascript, so successful remote execution is unlikely, I won't say its impossible though. ultimately you still have to run foreign code on your machine for this to work.
When people say "old AMD CPU" im thinking about AMD FX and older, not Ryzen lol ps: i like how Intel 12 series has microcode: 0xd xd
https://www.ghacks.net/2022/07/13/p...-vulnerability-may-have-significant-overhead/ It affects everything, since it's basically a hardware hack. Intel has already eaten up the mitigation cost for Windows, but not for all CPUs, if I understood the article correctly.
It does not affect Windows The mitigations are necessary for linux only. "Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment.”
The perf impact of this mitigation is quite big. On Linux, it can be disabled with the: Code: retbleed=off kernel option. Other Spectre mitigations are left on. It only disables the costly retbleed mitigation. No idea how to disable it on Windows. Exploiting retbleed requires local access or otherwise the ability to execute code locally, so unless you're running some multi-user system (including remote login), it should be safe to disable.